Shut down system immediately if unable to log security audits

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options


Determines whether the system should shut down if it is unable to log security events.

If this policy is enabled, it causes the system to halt if a security audit cannot be logged for any reason. Typically, an event will fail to be logged when the security audit log is full and the retention method specified for the security log is either Do Not Overwrite Events or Overwrite Events by Days.

If the security log is full and an existing entry cannot be overwritten and this security option is enabled, the following blue screen error will occur:

STOP: C0000244 {Audit Failed}
An attempt to generate a security audit failed.

To recover, an administrator must log on, archive the log (if desired), clear the log, and reset this option as desired.

By default, this policy is disabled.