XP workstation display "Security log is full" and I cannot login unless I am a local admin

We have several XP workstations on our Windows 2008r2 domain. Recently several users have come to me and told me that they cannot log in. I go to their workstation and see a message similar to "security log is full" and something about how they need to be a local admin. I log in and make them local administrators and they are able to log in but when I go to clear the security log, it tells me I do not have the permissions and I am a Domain Admin, I also log in as the Administrator on the local workstation and try to clear the security log and I do not even permission as the local admin either. Has anyone seen this before? I know another IT person has been working with GPOs. Is it possible this is causing this? All advice welcome
Who is Participating?
Darius GhassemConnect With a Mentor Commented:
What it sounds like is GPOs are being applied that is causing this problem

Computer Configuration\Administrative Templates\Windows Components\Event Log Service

Thomas GrassiSystems AdministratorCommented:
Mohammed HamadaSenior IT ConsultantCommented:
There must be something in the event log on those workstations event viewer related to security. could you please check and post them ?
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Pramod UbheCommented:
Yes that GPO should have some wrong settings. Edit that GPO to overwrite event logs and you can set the max space allocated to event logs.
Venugopal NCommented:
Login as the Administrator Click --> start --> Run --> type rsop.msc.

From the rsop menu , expand to Computer configuration --> Windows settings --> Security settings --> Event log --> Check which policy is applied.And make the changes as expalined above.
Thomas GrassiSystems AdministratorCommented:
Get the IT person who updated the GPo to remove the settings

Sounds like they need to be reviewed

Locking down the event logs causing the users not be able to logon  well time to unlock the event logs.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.