Event log size needs to be defined to prevent loss of audit data due to overwriting of events.
- Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, then select Edit.
- Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
- Set Retention method for security log to Overwrite events as needed.
- Configure the Maximum security log size as defined below. Ensure that the security log can hold a minimum of 12 hours’ worth of data.
| Role |
Operating system |
Size |
| Domain controller |
Windows Server 2003 |
512 MB |
| Domain controller |
Windows Server 2008 and above |
1,024 MB |
| Member server |
Windows Server 2003 |
512 MB |
| Member server |
Windows Server 2008 and above |
4,096 MB |
| Workstation |
Windows 10, 8, 7, Vista, and XP |
512 MB |
