Is anyone from Microsoft on this thread?
Why obtain "The security log on this system is full" after install Win11 22H2
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 57.99999999999999%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Castro Cocotl, Favio Uriel
31
Reputation points
In the most recent laptops that I installed the latest update of Windows 11 (22H2) every so often that I restart the computer I get the message "The security log on this system is full". I enter the event viewer with another credentials and choose the "Overwrite events" option but after a while it doesn't allow me to log in showing the same previous message and changing back to the "don't overwrite events" option.
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 25%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Mitchel T. Erb 1 Reputation point2022-12-05T14:23:01.317+00:00 Having similar issues where the Overwrite security logs keeps reverting causing non-privileged users not to be able to login to their machines. All users with the issue are on 22H2...fun times.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 85%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
ARUN K 0 Reputation points2023-01-12T17:49:24.9866667+00:00 Getting the same issue.If anybody have a fix please provide.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 99%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Stefan 0 Reputation points2023-07-12T11:45:51.6666667+00:00 Having this same issue on a new Windows 11 Surface.
We've cleared the logs, increased the maximum log size, and changed the settings to "Overwrite event as needed (oldest vents first)", but it just keeps reverting to "Do not overwrite events (Clear logs manually)".
We've also carried out a clean install of Windows and applied the latest updates, but the issue keeps resurfacing.
Really need a lasting fix as this new Surface is all but unusable for the end user.
Sign in to comment
30 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2023-02-15T18:56:24.88+00:00 We have found in our Default Domain Group Policy Object that it was set to retain events for 90 days. We believe this is what is causing the "Overwrite" setting to be removed on reboot. We have set the GPO to "Not Defined" for event retention. We have set on the laptop that has this issue to overwrite event logs as needed. We restarted the laptop and it kept the overwrite setting. We are going to let this go for a couple of weeks to see if this fixed the issue.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 71%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
Talip Ceylan 0 Reputation points2023-02-23T08:39:43.12+00:00 Dear Greg Carron, has anything changed? We could not find a solution.
-
Anonymous
2023-03-08T13:17:35.82+00:00 After making the change to the GPO for the retention of the event logs to "Not Defined" we have not had the customer report the issue anymore.
-
Stefan 0 Reputation points
2023-11-02T17:28:50.3533333+00:00 Hi @Anonymous about to try this fix myself, but just wanted to check if it's continued to work for you now that we're a few months on?
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 80%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Bill Moller 1 Reputation point2023-02-23T14:36:55.97+00:00 Crickets from Microsoft. Maybe "broken" is the new expected behavior...
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 14.000000000000002%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELK%3C/text%3E%3C/svg%3E)
Luke Kiunga Ngore 0 Reputation points2023-07-03T12:09:32.5166667+00:00 I faced a similar problem and enabling/ disabling the following policies via GPO sorted the issue out.
- Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits
Set the security policy to > disabled - Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > Control Event Log Behavior when the log file reaches its maximum size,
Set the security policy to > disabled
- Computer Configuration\Windows Settings\Security Settings\Event Log\Retention method for security log Audit.
Define this policy setting > select overwrite events as needed
- Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more