Audit: Shut down system immediately if unable to log security audits

Applies To: Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista

This security policy setting determines whether the system shuts down if it is unable to log security events.

If this policy setting is enabled, it causes the system to stop if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full and the retention method that is specified for the security log is either Do Not Overwrite Events or Overwrite Events by Days.

If the security log is full and an existing entry cannot be overwritten, and this security option is enabled, the following Stop error appears:

STOP: C0000244 {Audit Failed}

An attempt to generate a security audit failed.

To recover, an administrator must log on, archive the log (optional), clear the log, and reset this option as desired. Until this policy setting is reset, only a user who is a member of the Administrators group can log on to the computer, even if the security log is not full.


In versions of Windows earlier than Windows Vista, if you configure this policy setting, changes will not take effect until you restart Windows.

Default: Disabled