Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

XP workstation display "Security log is full"  and I cannot login unless I am a local admin

Posted on 2013-01-03
6
Medium Priority
?
665 Views
Last Modified: 2013-01-10
We have several XP workstations on our Windows 2008r2 domain. Recently several users have come to me and told me that they cannot log in. I go to their workstation and see a message similar to "security log is full" and something about how they need to be a local admin. I log in and make them local administrators and they are able to log in but when I go to clear the security log, it tells me I do not have the permissions and I am a Domain Admin, I also log in as the Administrator on the local workstation and try to clear the security log and I do not even permission as the local admin either. Has anyone seen this before? I know another IT person has been working with GPOs. Is it possible this is causing this? All advice welcome
0
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38740064
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 38740067
What it sounds like is GPOs are being applied that is causing this problem

Computer Configuration\Administrative Templates\Windows Components\Event Log Service

http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 38740080
There must be something in the event log on those workstations event viewer related to security. could you please check and post them ?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 38740087
Yes that GPO should have some wrong settings. Edit that GPO to overwrite event logs and you can set the max space allocated to event logs.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 38740331
Login as the Administrator Click --> start --> Run --> type rsop.msc.

From the rsop menu , expand to Computer configuration --> Windows settings --> Security settings --> Event log --> Check which policy is applied.And make the changes as expalined above.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38740367
Get the IT person who updated the GPo to remove the settings

Sounds like they need to be reviewed

Locking down the event logs causing the users not be able to logon  well time to unlock the event logs.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question