I'm trying to remove the security log files from my windows XP boxes. Users are getting the "system log is full only system administrator can log in" is there a batch file that can be run for this. I tried the below command but keep getting system files in use error.

DEL /F /S /Q /A "Full Path of File with extension"

Answer Summary:
You are better off setting a security policy to overwrite as needed and make the size large enough to be of use when needed. You can push a GPO to do this
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

3

You are better off setting a security policy to overwrite as needed and make the size large enough to be of use when needed.  You can push a GPO to do this or set the policies on on machine and export the applicable keysets.

http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx

Answered 11/19/2012 by: SMal.tmcc
Red Belt

  • I logged into the GPO adn i don't see the option to overwrite as needed.
  • Good info thx..do you have toassign the gpo to a specific OU?
    • you can assign it to ou's or user and/or machine groups.
      http://www.itninja.com/link/applying-group-policy-to-a-machine-user-or-group-of-either
Please log in to comment

Answers

0

Retention method for event log (separate policy settings for application, security and system logs)

Note

  • Misuse of these policy settings is a common error that can cause data loss or problems with data access or security.

The Retention method for event log policy settings determine the wrapping method for the application, security, and system logs.

If you do not want to archive the logs, in the property sheet for this policy setting, select the Define this policy setting check box, and then click Overwrite events as needed.

If you want to archive the log at scheduled intervals, in the property sheet for this policy setting, select the Define this policy setting check box, click Overwrite events by days, and then specify the appropriate number of days in the Retain application log policy setting. Ensure that the maximum log size is large enough to accommodate the amount of information you expect to gather during the archive interval.

If you must retain all the events in the log, in the property sheet for this policy setting, select the Define this policy setting check box, and then click Do not overwrite events (clear log manually). This value requires that the log be cleared manually. When the maximum log size is reached, new events are not written to the log, they are discarded.

The possible values for these Group Policy settings are:

  • Overwrite events by days.

  • Overwrite events as needed.

  • Do not overwrite events (clear log manually).

  • Not defined.

These policy settings do not appear in the Local Computer Policy object.

If you significantly increase the number of objects you audit in your organization, you run the risk of filling the security log to capacity and thus forcing the system to shut down. If this occurs, the system will be unusable until an administrator clears the security log. To prevent this, disable the Audit: Shut down system immediately if unable to log security audits policy setting and then increase the security log size.

If you set the value of Event log retention method to Do not overwrite events (clear log manually) or Overwrite events by days, important recent events might not be recorded, or you might suffer a denial-of-service attack.

Answered 11/20/2012 by: SMal.tmcc
Red Belt

  • Thank you i eventually found it. THanks!
  • Yea some of the domain level GPO settings are hard to sift though, glad you found it.
Please log in to comment
Answer this question or Comment on this question for clarity