Setting auditing policies in the registry

I am an administrator, and I want to know how I can set auditing policies in the registry so that the system stops when the security log is full.

There is a registry setting called CrashOnAuditFail, but as you'll see below, you can configure this setting via Group Policy. I don't recommend doing this unless your security requirements really demand it (such as compliance with the Trusted Computer Security Evaluation Criteria (TCSEC) program's C2 security level or for the Common Criteria for Information Technology Security Evaluation) and you have an archival and log clearing process in place to prevent your log from filling up under normal circumstances.

That being said, if your system is unable to, all you need to do is edit a Group Policy Object that gets applied...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

to your server(s) and maneuver to computer configuration/Windows settings/security settings/local policies/security options and enable the audit: Shut down system immediately if unable to log security audits.

If you don't use Group Policy, you'll find the same setting in Local Security Policy for each server. If you enable this setting and your system's security log fills up, it will immediately halt with a blue screen. To recover, you will need to restart the system. At this point, the system will boot in a special mode that disables the network from starting. Log on at the console as a member of administrators. Open event viewer, archive the security log and then clear it. Then you'll need to reset the CrashOnAuditFail registry setting so that the system will know it can start the network. Open the registry editor and find the CrashOnAuditFail setting under HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa. Set the value to 1, and then reboot.

Dig Deeper on Windows 10 security and management

client-side extension (CSE) A client-side extension (CSE) is an integral component of enterprise group policy administration that applies Group Policy to users or endpoint systems.

SOA governance: Integrating the service repository and registry Integrating the service registry and repository can help IT professionals with software development and deployment.

Using AuditPol to audit Windows users and set policies Solution providers may find value in the AuditPol utility for auditing and organizing Windows users, setting policies and configuring settings such as user privileges.

Windows 7 audit policies, user privileges configuration Find out how to audit Windows 7 audit policies themselves and read what you need to know about configuring Windows 7 user privileges.

Five registry keys to improve Windows 7 security Learn about five Windows 7 registry keys that can improve your organisation's security by tuning PCs in ways that ensure users behave themselves!

Top 5 registry keys for Windows 7 Use these helpful Windows 7 registry keys to manage user account control, prevent the computer from rebooting after installing patches and more.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Enterprise Desktop experts

View all Enterprise Desktop questions and answers

Please create a username to comment.

VDI in 2020 will feature cloud, workspaces

Citrix-AWS ties bolstered to make hybrid cloud a reality

Benefits of virtualization highlighted in top 10 stories of 2019

December Patch Tuesday resolves Windows zero-day

What admins need to know about Azure Stack HCI

How to manage Exchange hybrid mail flow rules

Dig Deeper on Windows 10 security and management

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.