WinSecWiki > Security Settings > Local Policies > Security Options > Audit > Shut down system immediately

Audit: Shut down system immediately if unable to log security audits

With this setting enabled, Windows crash with blue screen if the security log fills up and wrapping for the log is set to "Do not clear the log, overwrite events as necessary".

Bottom line

Don't enable this setting except for high security environments where you can't afford to lose an audit trial no matter what. In such cases it is crucial that you implement a log management process that frequently collects the security log and clears it.

Upcoming Webinars

Additional Resources

Audit

•	Audit the use of global system objects
•	Audit the use of Backup and Restore privilege
•	Force audit policy subcategory settings
•	Shut down system immediately

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.