Monday, November 15, 2010

CrashOnAuditFail regkey

If you have this regkey set to "1", beware of your disk space running out for any reason. If the drive that houses the Windows event logs gets full and the security log is unable to write entries, this regkey gets set to "2" and only local Administrators will be allowed to connect to and from the server.

To restore functionality, you will need to clear up disk space where the event logs are being stored and then reset the regkey to "1" and reboot the server.

Windows NT provides the "Crash On Audit Fail" flag as the Registry value SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail.
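A way to check for this condition before it locks the server, and to perform the reset described above once disk space has been freed. This is an added example, not part of the original post; the function names, the HKLM: hive prefix and the 1024 MB free-space threshold are assumptions, and it must be run from an elevated PowerShell 3.0 or later session.

```powershell
# Added example: function names and the free-space threshold are assumptions.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-CrashOnAuditFailState {
    param([int]$MinFreeMB = 1024)   # assumed alert threshold, tune per server

    # If the value is absent it is treated here as 0 (feature off).
    $prop  = Get-ItemProperty -Path $LsaKey -Name CrashOnAuditFail -ErrorAction SilentlyContinue
    $value = if ($prop) { [int]$prop.CrashOnAuditFail } else { 0 }

    # Find the volume that holds the Security log and measure its free space.
    $log    = Get-WinEvent -ListLog Security
    $path   = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
    $drive  = Split-Path -Path $path -Qualifier
    $disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
    $freeMB = [math]::Round($disk.FreeSpace / 1MB)

    $status = switch ($value) {
        0 { 'Off' }
        1 { if ($freeMB -lt $MinFreeMB) { 'Armed, low disk space' } else { 'Armed' } }
        2 { 'Triggered: only local Administrators can connect' }
        default { 'Unexpected value' }
    }

    [pscustomobject]@{
        CrashOnAuditFail = $value
        Status           = $status
        SecurityLogPath  = $path
        LogMode          = $log.LogMode
        LogIsFull        = $log.IsLogFull
        FreeMB           = $freeMB
    }
}

function Reset-CrashOnAuditFail {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Run only after disk space has been freed; a reboot is still required afterwards.
    $state = Get-CrashOnAuditFailState
    if ($state.CrashOnAuditFail -ne 2) { Write-Verbose 'Not triggered; nothing to reset.'; return }
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set CrashOnAuditFail to 1')) {
        Set-ItemProperty -Path $LsaKey -Name CrashOnAuditFail -Value 1 -Type DWord
    }
}

Get-CrashOnAuditFailState
```

Running `Reset-CrashOnAuditFail -WhatIf` shows the registry change without making it.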

Reference: http://technet.microsoft.com/en-us/library/cc963220.aspx
