Setting auditing policies in the registry
That being said, if your system is unable to, all you need to do is edit a Group Policy Object that gets applied...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
to your server(s) and maneuver to computer configuration/Windows settings/security settings/local policies/security options and enable the audit: Shut down system immediately if unable to log security audits.
If you don't use Group Policy, you'll find the same setting in Local Security Policy for each server. If you enable this setting and your system's security log fills up, it will immediately halt with a blue screen. To recover, you will need to restart the system. At this point, the system will boot in a special mode that disables the network from starting. Log on at the console as a member of administrators. Open event viewer, archive the security log and then clear it. Then you'll need to reset the CrashOnAuditFail registry setting so that the system will know it can start the network. Open the registry editor and find the CrashOnAuditFail setting under HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa. Set the value to 1, and then reboot.