Setting Event Log Settings Using a Group Policy Object

How do I set the "overwrite as needed" option in event logs other than application / security / system? Specifically, I would like to apply this to the PowerShell and Windows PowerShell logs, in addition to any other future logs that might be added. This needs to apply to both Server 2003 and 2008.

+1




4 answers


I don't think there's a GPO for them. But most Group Policies just modify the registry.

You can create an ADM template that changes the settings, or you could just write a script to customize the settings.



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\PowerShell

      

If you don't know how to manually adjust the settings, just adjust the settings in the event log GUI and set all other systems the same. You may need to restart your system for the changes to take effect.

+1




Wow. I looked around for this and found no links to setting Group Policy settings for event logs other than system, application, protected. It just doesn't seem right. You will need a script for your domain or workgroup or workstation using wevtutil.exe (cmd) or Limit-EventLog (PowerShell). Both utilities have a built-in remote connection.



wevtutil sl <Log Name> /rt:false

Limit-EventLog -LogName <Log Name> -OverflowAction OverwriteAsNeeded

      

+2
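
The scripted approach suggested in the answers above, as an added example that is not part of the original thread: it enumerates every classic event log on each machine, sets any that are not already "overwrite as needed", and reports what it changed, so logs added later are covered on the next run. The parameter names `$Computers` and `-ReportOnly` are hypothetical, and the script assumes Windows PowerShell 2.0 or later with administrative rights on the targets.

```powershell
# Added example (not from the thread). Run elevated in Windows PowerShell.
# $Computers and -ReportOnly are hypothetical parameter names.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),
    [switch]$ReportOnly   # list non-compliant logs without changing them
)

foreach ($computer in $Computers) {
    try {
        # One EventLog object per classic log registered under
        # HKLM\SYSTEM\CurrentControlSet\Services\Eventlog, so logs added
        # after the script was written are picked up on the next run.
        $logs = Get-EventLog -List -ComputerName $computer -ErrorAction Stop
    } catch {
        Write-Warning "${computer}: cannot enumerate logs: $($_.Exception.Message)"
        continue
    }

    foreach ($log in $logs) {
        $before = $log.OverflowAction
        if ($before -eq 'OverwriteAsNeeded') { continue }   # already compliant

        $status = 'NonCompliant'
        if (-not $ReportOnly) {
            try {
                Limit-EventLog -ComputerName $computer -LogName $log.Log `
                    -OverflowAction OverwriteAsNeeded -ErrorAction Stop
                # Re-read the setting instead of trusting the call succeeded.
                $after = (Get-EventLog -List -ComputerName $computer |
                    Where-Object { $_.Log -eq $log.Log }).OverflowAction
                if ($after -eq 'OverwriteAsNeeded') { $status = 'Fixed' }
                else { $status = "StillSetTo:$after" }
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }

        # PSObject + hashtable keeps this usable on PowerShell 2.0.
        New-Object PSObject -Property @{
            Computer = $computer
            Log      = $log.Log
            Was      = $before
            Status   = $status
        } | Select-Object Computer, Log, Was, Status
    }
}
```

Get-EventLog only sees classic logs; channel-style logs on Server 2008 are not in its list and are configured with wevtutil, as in the answer above.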




You will now need to use the SDM software GPO cmdlets. This is the only way to change settings in a GPO from within PowerShell. But I don't know how to change "any logs that might be added" - I don't think you can change the system defaults (although I could be wrong - that's not something I've done much).

0




Computer Configuration -> Windows Settings -> Security Options -> Event Log

0

