WinSecWiki > Security Settings > Local Policies > Security Options > Audit > Shut down system immediately

Audit: Shut down system immediately if unable to log security audits

With this setting enabled, Windows crash with blue screen if the security log fills up and wrapping for the log is set to "Do not clear the log, overwrite events as necessary". 

Bottom line

Don't enable this setting except for high security environments where you can't afford to lose an audit trial no matter what.  In such cases it is crucial that you implement a log management process that frequently collects the security log and clears it.

Back to top


Additional Resources