Users can read Application and System log

  • Thread starter Stefan Johansson
  • Start date
S

Stefan Johansson

Hi,
Is there a way to restrict access to the Application and System - Eventlog
in 2000 the same way that the Security logs work.
I dont want the users to be able to list the servers Eventlog.
The Restrict Guest is applied
/Stefan Johansson
 
D

Diana Smith [MSFT]

Hello Stefan,

This article should help you:

You receive an "Access is denied" error message when you try to access an
event log on a Windows Server 2003-based computer or on a Windows
2000-based computer -->
http://support.microsoft.com/default.aspx?scid=KB;EN-US;842209

Thank You.

Diana.

This posting is provided "AS IS" with no warranties, and confers no rights.


(e-mail address removed)

--------------------
| From: "Stefan Johansson" <[email protected]>
| Subject: Users can read Application and System log
| Date: Tue, 7 Dec 2004 14:42:00 +0100
| Lines: 8
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.win2000.security
| NNTP-Posting-Host: 194.103.63.153
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.security:34370
| X-Tomcat-NG: microsoft.public.win2000.security
|
| Hi,
| Is there a way to restrict access to the Application and System - Eventlog
| in 2000 the same way that the Security logs work.
| I dont want the users to be able to list the servers Eventlog.
| The Restrict Guest is applied
| /Stefan Johansson
|
|
|


This posting is provided "AS IS" with no warranties, and confers no rights.


(e-mail address removed)
 
S

Stefan Johansson

Thanks for reply but I'm not sure how this will help me.
Do you mean that I should add all users to the 'Domain Guest' group and
keep the 'Restrict Guest'.
I' would rather specify which user accounts that should be allowed to list
the eventlog and in my case it should only be the Local Administrators
group.
Is there a way to do that?

/Stefan Johansson
 
P

PaulMc

Stefan,
Remove inheritance from the Application and System registry keys
(HKLM\System\CurrentControlSet\Services\EventLog\ ).
Select "Copy" permissions when prompted.
Remove all groups except for Administrators and System.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Remote Event Log 2
"Event Log" missing in Services 5
Writing to EventLog 2
Local Power Users Group 3
Re: Application, Security and System log files - where are they located 2
Exporting the System/Application event log 1
EventLog class / Windows event logs 2
EventlLog - How to Query all the different logs 3

Top