Configuring event log settings

Event log size needs to be defined to prevent loss of audit data due to overwriting of events. 

  • Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy, ADAuditPlusMSPolicy, or ADAuditPlusWSPolicy, then select Edit.

    To enable FIM on     Right-click
    Domain controller    Default Domain Controllers Policy GPO
    Windows server       ADAuditPlusMSPolicy GPO
    Workstation          ADAuditPlusWSPolicy GPO

  • Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
  • Set Retention method for security log to Overwrite events as needed.
  • Configure the Maximum security log size as defined below. Ensure that the security log can hold a minimum of 12 hours’ worth of data.

    Role                 Operating system                  Size
    Domain controller    Windows Server 2003               512 MB
    Domain controller    Windows Server 2008 and above     1,024 MB
    Member server        Windows Server 2003               512 MB
    Member server        Windows Server 2008 and above     4,096 MB
    Workstation          Windows 10, 8, 7, Vista, and XP   512 MB

Configure security log size and retention settings
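
Once the GPO has applied, the effective settings can be checked on the target computer. The following PowerShell is an added example, not part of the vendor's documentation; the function name Test-SecurityLogSizing and its parameters are hypothetical. It compares the Security log's maximum size and retention mode with the values above and estimates whether the log can hold 12 hours of events at the currently observed growth rate.

```powershell
# Added example (not vendor code). Function and parameter names are hypothetical.
# Run from an elevated PowerShell session on the audited computer.
function Test-SecurityLogSizing {
    param(
        # Size from the table above for this computer's role and OS.
        # 1024 is the row for a domain controller on Windows Server 2008 and above.
        [int]$RequiredSizeMB = 1024,
        # Minimum coverage required by the guidance above.
        [int]$RequiredHours = 12
    )

    $log   = Get-WinEvent -ListLog Security
    $maxMB = [math]::Floor($log.MaximumSizeInBytes / 1MB)

    # Oldest and newest retained events give the time span the log currently covers.
    $newest    = Get-WinEvent -LogName Security -MaxEvents 1
    $oldest    = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest
    $spanHours = ($newest.TimeCreated - $oldest.TimeCreated).TotalHours

    # Project coverage at the configured maximum from the observed growth rate.
    # If the log has already wrapped, FileSize is close to the maximum and the
    # projection is close to the observed span.
    $projectedHours = $null
    if ($spanHours -gt 0 -and $log.FileSize -gt 0) {
        $bytesPerHour   = $log.FileSize / $spanHours
        $projectedHours = [math]::Round($log.MaximumSizeInBytes / $bytesPerHour, 1)
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        LogMode        = $log.LogMode   # Circular = "Overwrite events as needed"
        MaxSizeMB      = $maxMB
        SizeOK         = $maxMB -ge $RequiredSizeMB
        RetentionOK    = $log.LogMode -eq 'Circular'
        ObservedHours  = [math]::Round($spanHours, 1)
        ProjectedHours = $projectedHours
        # $null means there was not enough data to estimate coverage.
        CoverageOK     = if ($null -ne $projectedHours) { $projectedHours -ge $RequiredHours } else { $null }
    }
}

Test-SecurityLogSizing -RequiredSizeMB 1024 -RequiredHours 12
```

The projection is only as good as the sampled period, so run the check after a period of typical or peak activity. If CoverageOK is False, raise the maximum security log size in the GPO.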
