Audit: Shut down system immediately if unable to log security audits
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Description
Determines whether the system shuts down if it is unable to log security events.
If this policy is enabled, it causes the system to stop if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full and the retention method that is specified for the security log is either "Do Not Overwrite Events" or "Overwrite Events by Days."
If the security log is full and an existing entry cannot be overwritten, and this security option is enabled, the following Stop error appears:
STOP: C0000244 {Audit Failed}
An attempt to generate a security audit failed.
To recover, an administrator must log on, archive the log (optional), clear the log, and reset this option as desired.
Default: Disabled.
For more information, see:
| • |
