- getting security records from event viewer
- Posted by biff on February 12th, 2008
I need to gain access to logon/logoff records for a particular computer for
the last couple of months.
Hoever, it seems that the default setting is to overwrite events older than
7 days. Is there no way to get access to logon/logoff records if not shown
in the event log?
- Posted by Shenan Stanley on February 12th, 2008
biff wrote:
Not if they have been overwritten.
Sounds like you had your settings wrong for what you might need (or need
now.)
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
- Posted by biff on February 12th, 2008
what do you set your max log size at (for a desktop pc or gpo for desktop pcs)?
"Shenan Stanley" wrote:
- Posted by Shenan Stanley on February 12th, 2008
biff wrote:
Shenan wrote:
biff wrote:
Desktop PCs?
Default - because we determined we had no need for more than that on a local
PC and if someday someone requested data beyond what we logged - it was
already written in our policy that we don't log that much.
I believe that is 20MB and we have it set to overwrite "as needed".
(Security log)
The reason for the custom overwrite setting - otherwise if it filled up - it
would let no one but an admin log on...
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
