Fix descriptions of invalid eventlog overflow policy #9293
Support for "Retain events older than X days" was dropped in Windows Vista (and it only ever almost worked on XP/Server 2003). This was a breaking change made roughly 15 years ago, and the new policy is documented as being strictly incompatible with the old retention setting:

- XP/2003: Set reg value to 0 for "overwrite based on log size", > 0 for "overwrite based on the value as a time", and -1 for "never overwrite events"
- Vista onward: Set reg value to 0 for "overwrite based on log size" and any non-zero value for "never overwrite events".

Encouraging people to continue to try to utilize the XP/2003 behavior of setting a time will in fact make the system never overwrite events at all, which in turn will break the system when other security policies are applied (e.g. "don't allow users to log in when the security log is full" or "bug check the machine when a security event is lost").

This change does not fully remove every reference to the old behaviors across the entire code base, but it is a start.

See the description of the Retention value at https://learn.microsoft.com/en-us/windows/win32/eventlog/eventlog-key for details.
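An audit of the Retention value under the two sets of semantics given in the PR description above, as an added example that is not part of the pull request or the .NET documentation. The function name `Get-RetentionFinding` and the fallback sample values are hypothetical; the registry path is the standard EventLog service key that the linked Retention documentation describes.

```powershell
# Added example: flag event logs whose Retention value means something
# different on Vista onward than it did on XP/2003.
$EventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

function Get-RetentionFinding {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [Parameter(Mandatory)] [long]   $Retention
    )
    # A REG_DWORD of 0xFFFFFFFF is read back as -1; accept either spelling.
    if ($Retention -eq 4294967295) { $Retention = -1 }

    if ($Retention -eq 0) {
        $legacy = 'overwrite based on log size'; $current = $legacy
    } elseif ($Retention -eq -1) {
        $legacy = 'never overwrite events'; $current = $legacy
    } else {
        # The case the PR warns about: a legacy time value that now
        # silently turns into "never overwrite".
        $legacy  = 'overwrite based on the value as a time'
        $current = 'never overwrite events'
    }
    [pscustomobject]@{
        Log         = $LogName
        Retention   = $Retention
        XP2003      = $legacy
        VistaOnward = $current
        Mismatch    = ($legacy -ne $current)
    }
}

if (Test-Path $EventLogRoot) {
    # Live audit: one subkey per log (Application, Security, System, ...).
    $findings = Get-ChildItem $EventLogRoot | ForEach-Object {
        $v = (Get-ItemProperty -Path $_.PSPath -Name Retention `
                -ErrorAction SilentlyContinue).Retention
        if ($null -ne $v) { Get-RetentionFinding -LogName $_.PSChildName -Retention $v }
    }
} else {
    # Constructed sample values, used only where the registry is unavailable.
    $findings = @{ Application = 0; Security = 604800; System = -1 }.GetEnumerator() |
        ForEach-Object { Get-RetentionFinding -LogName $_.Key -Retention $_.Value }
}
$findings | Sort-Object Log | Format-Table -AutoSize
```

Rows with `Mismatch` set to `True` are logs configured with an XP/2003-style time value that current Windows treats as "never overwrite events".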
Tagging subscribers to this area: @tommcdon
LGTM sorry, posted on the wrong issue.
/cc @tommcdon
Should the deprecated methods be obsoleted instead of just setting the summary to "deprecated"? That way the docs would automatically show a banner similar to this: https://learn.microsoft.com/en-us/dotnet/api/system.codedom.compiler.codedomprovider.createcompiler?view=net-8.0#definition.
Co-authored-by: Genevieve Warren <[email protected]>
That sounds like a good idea, but outside of my expertise. I am wary of causing build breaks for existing code (something we can't do in Win32 land, as much as I'd like to clear out a ton of obsolete nonsense); updating the docs at least lets support engineers point impacted customers in the correct direction. I am hoping the docs can also make it clear that this is deprecated/obsolete based on the Windows version the code is running on, not a specific .Net version (i.e. I don't want a customer to say "the docs claim it is obsolete in .net 9 but we're using .net framework 3 so clearly we're still good to use it").
Learn Build status updates of commit 4c1b573: 💡 Validation status: suggestions
xml/System.Diagnostics/OverflowAction.xml