You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

14: How to change or set the PolicyPak Event log size

By default, the PolicyPak Event log located under the "Applications and Services Logs" section in the Event Log (eventvwr.msc) has a size of 1028 KB. If you wish to change the size of the PolicyPak Event log so that more data is retained you can use one of the following methods below.

Method 1: Use the Event Log Graphical User Interface (GUI).

  1. Open the Event Log GUI while logged in as an Administrator of the local machine, then expand the "Applications and Service Logs" section.
  2. Right-click on "PolicyPak" then select "Properties".
  3. In the "Maximum log size (KB):" field specify the new maximum size in KB. For example, for 10.0 MB you would specify 10240.

    Note: The value specified for KB should be divisible by 64 otherwise you will receive the warning message below.

Method 2: Use Group Policy Preferences to set the PolicyPak Event log size to 10 MB via the Registry.

  1. Create a new Group Policy Object and link it to the OU or Domain where the computer objects that need to receive the settings live. Remember to give the GPO a descriptive name (i.e. "GPPrefs - Registry - Set PP Event log to 10 MB").
  2. Expand Computer Configuration > Preferences > Windows Settings > Registry, then select "New" > "Registry Item".

  3. For "Action:" choose "Update", next ensure that "Hive:" is set to HKEY_LOCAL_MACHINE, then set the following values as specified below:

    Key Path: SYSTEM\CurrentControlSet\Services\EventLog\PolicyPak
    Value name: MaxSize
    Value type: REG_DWORD
    Value data: 10485760

    Note: This example illustrates how to set the PP Event log to 10 MB but you can adjust this size as need. Recommend setting the PP Event log size manually first on a test machine then getting the value needed from the registry of the test machine. The size in the Event log GUI is specified in KB and set in increments of 64 KB, however, the MaxSize value in the Registry needs to be in Bytes.

Method 3: Using PolicyPak Scripts Manager

  1. Create a new Group Policy Object and link it to the OU or Domain where the computer objects that need to receive the settings live. Remember to give the GPO a descriptive name (i.e. "PPScripts - Set PP Event log to 10 MB").
  2. Expand Computer Configuration > PolicyPak then right-click on "Scripts Manager" and choose "Add Policy".
  3. Click "Next" on the first screen then "Next" again at the "Specify policy target" screen keeping the default of "Apply this policy to the Computer (default) option.

  4. At the "On Appy action" screen choose "PowerShell script" from the drop down then copy in the following command line to the text window before Clicking "Next".

    New-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\PolicyPak' -Name 'MaxSize' -Value 10485760 -PropertyType DWord -Force -ea SilentlyContinue

    Note: The entire command goes on a single line.

  5. Click "Next" then optionally add a revert action script if you wish, otherwise click "Next" again to skip the "On revert action" screen.
  6. At the "Specify process mode" choose either the "Once" or "Once or when forced" radio button then click "Next".

  7. Lastly, rename the policy with a descriptive name if desired and then click "Finish".

  • 971
  • 10-Sep-2020
  • 230 Views