I notice that you work at the Navy, which might require that all clients have this setting enabled. If this is the case, there really are limited solutions for you, since your security policy requires this and this is the behavior that is desired: not allowing the client to function if the security log is full. I assume the administrator is archiving the log first, then clearing the log?
One possible solution is to create a background script to control the security log. This will require that the script archive the log, then clean it up. This might not fit into your security policy for the Navy, so be sure to investigate it before you add the script.
Another solution is to disable the crash on audit policy. Unless this client is a high-profile, very security-sensitive computer, there is no need to have this configuration set. Again, I do not know the overall Navy computer security policies, but I was not aware that all clients had to have the crash on audit policy set. To disable this policy for a Windows XP client, Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options, then set the policy "Audit: Shut down system immediately if unable to log security audits."
Dig Deeper on Windows legacy operating systems
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.