Hi
I have been undergone one issue described below:
We got request from client to enable "Audit Logon Events - Success” is enabled on local systems.
we have one GPO with WMI filter for client operating system linked on domain level.
We made the changes on Computer Configuration--> Windows settings -->Security Settings -->Local Policies --> Audit Policy --> checked the "Define these policy settings" and select "Success".
After 1 days or 24 hours later, when user came to office and try to login on XP machies, they were not able to login on client workstation.
And after troubleshooting, got to know that Local system security events logs gettting full in 12 hours and due to that user is not able to login. Local IT team cleared teh secruity events of local system then user was able to login into the domain.
After long mail trial and esclation, We reverted the GPO as it was to normal. After reverting the change, issue got resolved.
My only concern is After enabling the Audit policy for checked the "Define these policy settings" and select "Success", security event size gots very soon filledup,. Why so after GPO changes and without GPO end user was able to login.
I have been undergone one issue described below:
We got request from client to enable "Audit Logon Events - Success” is enabled on local systems.
we have one GPO with WMI filter for client operating system linked on domain level.
We made the changes on Computer Configuration--> Windows settings -->Security Settings -->Local Policies --> Audit Policy --> checked the "Define these policy settings" and select "Success".
After 1 days or 24 hours later, when user came to office and try to login on XP machies, they were not able to login on client workstation.
And after troubleshooting, got to know that Local system security events logs gettting full in 12 hours and due to that user is not able to login. Local IT team cleared teh secruity events of local system then user was able to login into the domain.
After long mail trial and esclation, We reverted the GPO as it was to normal. After reverting the change, issue got resolved.
My only concern is After enabling the Audit policy for checked the "Define these policy settings" and select "Success", security event size gots very soon filledup,. Why so after GPO changes and without GPO end user was able to login.