views:

607

answers:

3

How would I set the "overwrite as needed" setting on Event logs other than Application/Security/System? Specifically I'd like to apply this to the Powershell and Windows Powershell Logs, in addition to any other future logs that may be added. This needs to be applied to both server 2003 & 2008.

A: 

Right now you'd need to use SDM Software's GPO cmdlets. That's the only way from within PowerShell to modify the settings within a GPO. But there's no way that I know of to make a change to "any logs which might be added" - I don't think you can modify the system defaults (although I could be wrong - it's not something I've done much).

Don Jones
this doesn't have to be modified _from_ powershell, I just tagged it b/c I'm dealing with the powershell log -- more interested in figuring out where I'd set this in the GPO via whatever means required.
slipsec
A: 

I don't believe their is a GPO for this. But most group policies simply modify the registry.

You could create an adm template that modified the settings, or you could simply write a script to adjust the settings.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\PowerShell

If you are not sure how to manually configure the settings, simply adjust the settings in the event log GUI, and set all your other systems to be the same. You may need to restart the system for the changes to go into effect.

Zoredache
A: 

Computer Configuration-->Windows Settings-->Security Settings-->Event Log