Access Event Viewer remotely

Guest

I am having a small problem with viewing the event viewer remotely. I have a
small closed network that has one Windows 2000 server, 3 Windows 2000
professional machines and 2 Windows XP machines. I can connect to all of the
machines remotely using the computer management console and access most of
the tools and services. If I access the win 2000 pro systems I can see and
read the event viewer, but if I connect to a win XP machine it gives me an
access denied error when I attempt to open the event viewer.
I am using the domain admin account.
When I log on directly to the XP machine using the domain admin account I
can access the security policy and event viewer.
I have it set in the group security policy so that my account can manage
security logs.
I have the Local XP firewalls disabled or turned off.
This has happened to other similar closed networks where I have a win 2000
server and a XP system.
Any suggestions or comments will be appreciated.
Thanks
Glenn
 
Steven L Umbach

Are these XP Pro computers?? Is the remote registry service started on them?
Are there any logon failures in the security log of the XP computer at the
times when you attempted to access Event Viewer? --- Steve
 
Guest

Steven
It is a Windows XP Pro system with SP2. The remote registry is started and
there is a security event.
The security event is 534 with the source being Security and the Logon Type 3.
The reason is "The user has not been granted the requested logon type at
this machine"
I do not know why it says this, because I can log on directly to the XP
workstation and I can access the event viewer, but as soon as I try it
remotely with the management console it denies me access. I am logging on with
the domain admin account and the computer is part of my domain. Also all my
2000 workstations have no problem. I can open the console remotely for the XP
computer, but as soon as I click the event viewer it gives me an Access denied
error.
Glenn
 
Steven L Umbach

Can you access the administrator share such as C$ on that computer from the
same client computer where you are trying to access Event Viewer? A couple
things to check is the membership of the administrators group on that XP
computer which can easily be done with the command net localgroup
administrators. By default domain admins should be a member but possibly it
was removed somehow.

Since you got a logon failure for "The user has not been granted the
requested logon type" and if that failure corresponded to the time when you
were trying to access Event Viewer I would open Local Security Policy
[secpol.msc] on that XP computer and go to local policies/user rights where
you should see administrators included in the user right for access this
computer from the network and also check the corresponding deny access this
computer from the network to make sure that your user account is not a
member of any group or explicitly listed there keeping in mind that
administrators are also members of everyone, users, domain users, and
authenticated users groups. If you need to make changes to user rights you
should be able to do it in Local Security Policy unless there is a domain
level policy overriding those user rights in which case you would have to
modify the Group Policy applying those settings or create a new Group Policy
for those computers that could override the current domain level Group
Policy. You can run rsop.msc on the XP Pro computer to see what Group Policy
settings are being applied and by what GPO. --- Steve
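
Added example, not part of the thread and not any poster's code: a Python check of the two user rights named in the reply above, run over a user-rights export from the XP machine. The sample export, the domain SID and the token membership are constructed placeholders; deny entries are treated as overriding allow entries.

```python
# Added example: evaluate network-logon user rights from a secedit export.
# Export on the XP machine: secedit /export /cfg rights.inf /areas USER_RIGHTS
# (the real file is typically UTF-16; open it with encoding="utf-16").
ALLOW = "SeNetworkLogonRight"      # Access this computer from the network
DENY = "SeDenyNetworkLogonRight"   # Deny access to this computer from the network

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # placeholder domain SID

# Constructed sample export, not taken from the thread.
SAMPLE_INF = f"""\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeDenyNetworkLogonRight = SUPPORT_388945a0,*{DOMAIN}-513
[Version]
signature="$CHICAGO$"
"""

# Constructed group membership of a domain admin's network logon token.
ADMIN_TOKEN = {
    "S-1-1-0",        # Everyone
    "S-1-5-11",       # Authenticated Users
    "S-1-5-32-544",   # BUILTIN Administrators
    "S-1-5-32-545",   # BUILTIN Users
    f"{DOMAIN}-512",  # Domain Admins
    f"{DOMAIN}-513",  # Domain Users
}

def parse_privilege_rights(inf_text):
    """Return {right: set of SIDs or unresolved account names}."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                v.strip().lstrip("*") for v in value.split(",") if v.strip()}
    return rights

def network_logon_verdict(rights, token_sids):
    """Deny wins over allow; no matching allow entry means not granted."""
    denied = rights.get(DENY, set()) & token_sids
    if denied:
        return "denied", sorted(denied)
    allowed = rights.get(ALLOW, set()) & token_sids
    return ("granted", sorted(allowed)) if allowed else ("not granted", [])

if __name__ == "__main__":
    print(network_logon_verdict(parse_privilege_rights(SAMPLE_INF), ADMIN_TOKEN))
```

Entries that secedit leaves as account names rather than SIDs only match if the same name is placed in the token set.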
 
