3.2.5.5 Event Log Policies
If the Key value is any value other than those listed as valid in the table in section 2.2.3, the client SHOULD stop processing Event Log policy settings and log an error.
Settings in Event Log Policies (section 2.2.3) are mapped to the Abstract Data Model as specified in [MS-EVEN] section 3.1.1.2, using the log name, which is the same as the header value (section 2.2.3), to determine the registry key whose values are to be updated:
Log Name |
Registry Key |
---|---|
System Log |
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\System |
Security Log |
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\Security |
Application Log |
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\Application |
The registry values in the right column of the following table are set to the value of the key in the left column specified in the Event Log Policies (section 2.2.3) settings.
Group Policy: Security Protocol Extension |
EventLog Remoting Protocol |
---|---|
MaximumLogSize |
MaxSize |
AuditLogRetentionPeriod RetentionDays |
Retention:
|
RestrictGuestAccess |
RestrictGuestAccess |