Friday, November 26, 2010

Group Policy: Retention method for security log

Location: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Event Log

This security setting determines the "wrapping" method for the security log.

If you do not archive the security log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events as needed.

If you archive the log at scheduled intervals, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events by days and specify the appropriate number of days in the retain security log setting. Make sure that the Maximum security log size is large enough to accommodate the interval.

If you must retain all the events in the log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Do not overwrite events (clear log manually). This option requires that the log be cleared manually. In this case, when the maximum log size is reached, new events are discarded.

Notes

This setting does not appear in the Local Computer Policy object.

A user must possess the Manage auditing and security log user right to access the security log.

Default: None.

No comments:

Post a Comment