
Suppress thousands of 'Security' "Audit Success" entries in Windows 10 Event Log

If you find it annoying that your security event log is populated with literally thousands of entries telling you that the system has successfully done something, keep reading.

Open 'Local Group Policy Editor' - you will need Administrative rights to make these changes.
    - Start > Run > gpedit.msc (or secpol.msc, which brings you directly to 'Security Settings')
    - Or, navigate to Administrative Tools and open Local Security Policy from there.

In Local Group Policy Editor, under Local Computer Policy, navigate to:
Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object

Now, go to 'Account Management' and open 'Audit User Account Management'

Open this setting, tick the 'Configure the following...' box, then tick 'Failure' only (leave 'Success' unticked).
Click OK.

While here, do the same for 'Account Logon > Audit Credential Validation'.

Open 'Event Viewer' - Start > Run > eventvwr.msc (or navigate to Administrative Tools)
   - Select 'Windows Logs' > 'Security' - right-click on it, then select 'Clear' (optionally save this log if desired)

And finally, of course, reboot...

Summary -
Setting these to 'Failure' will suppress many, many useless entries from your event log. Instead of seeing 1,000 plus entries within a few minutes after booting, you should see roughly 15 throughout your entire session (until rebooting, after which you should see about 30...). 
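
The same change can be scripted from an elevated PowerShell prompt with the built-in `auditpol.exe` and `wevtutil.exe`. This is an added example, not part of the original post; the backup folder `C:\AuditBackup` is an assumed location, and the subcategory names assume an English-language Windows install.

```powershell
#Requires -RunAsAdministrator
# Added example: the GUI steps above, done from the command line.
# $BackupDir is an assumed location; change it to suit.
$BackupDir = "$env:SystemDrive\AuditBackup"
$Stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Save the current audit policy so the change can be undone later with:
#    auditpol /restore /file:<path to the .csv written here>
auditpol /backup /file:"$BackupDir\auditpol-$Stamp.csv"
if ($LASTEXITCODE -ne 0) { throw 'auditpol /backup failed' }

# 2. Show which event IDs make up the bulk of the Security log
#    before anything is changed (most recent 5000 entries).
Get-WinEvent -LogName Security -MaxEvents 5000 |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# 3. Failure-only auditing for the two subcategories the post changes.
#    Names are the English display names used by auditpol.
$Subcategories = 'User Account Management', 'Credential Validation'
foreach ($sub in $Subcategories) {
    auditpol /set /subcategory:"$sub" /success:disable /failure:enable
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed for '$sub'" }
}

# 4. Confirm the effective setting; each line should read 'Failure'.
foreach ($sub in $Subcategories) {
    auditpol /get /subcategory:"$sub"
}

# 5. Clear the Security log, keeping a copy of the old entries first
#    (the post's optional 'save this log' step).
wevtutil cl Security /bu:"$BackupDir\Security-$Stamp.evtx"
if ($LASTEXITCODE -ne 0) { throw 'wevtutil could not clear the Security log' }
```

If these subcategories are also configured through Group Policy, the policy value is reapplied at the next policy refresh and overrides what `auditpol /set` wrote.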




