To audit Workstations: Use the Group Policy snap-in to configure "Event Log Settings" in the Group Policy object.
Configuring Event Log Settings for Auditing
Log on to Windows with an account that has Administrator rights.
Ensure that the Group Policy snap-in is installed.
Open the GPMC (Group Policy Management Console).
Edit the GPO that is applied on all selected Workstations (How to select Workstations) that require audit reporting.
Click on the "Group Policy Object" and click on "Edit"
This will direct you to "Group Policy Management Editor"
1. "Computer Configuration -> Windows Settings -> Security Settings -> Event Log-> Retention method for security log ->Overwrite events as needed"
2. "Computer Configuration -> Windows Settings -> Security Settings -> Event Log-> Maximum Security Log Size -> 256MB"