Users can read Application and System log

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,
Is there a way to restrict access to the Application and System - Eventlog
in 2000 the same way that the Security logs work.
I dont want the users to be able to list the servers Eventlog.
The Restrict Guest is applied
/Stefan Johansson
3 answers Last reply
More about users read application system
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hello Stefan,

    This article should help you:

    You receive an "Access is denied" error message when you try to access an
    event log on a Windows Server 2003-based computer or on a Windows
    2000-based computer -->
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;842209

    Thank You.

    Diana.

    This posting is provided "AS IS" with no warranties, and confers no rights.


    diasmith@online.microsoft.com

    --------------------
    | From: "Stefan Johansson" <newsgroup@enbacken.com>
    | Subject: Users can read Application and System log
    | Date: Tue, 7 Dec 2004 14:42:00 +0100
    | Lines: 8
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    | Message-ID: <#Sw2IKG3EHA.824@TK2MSFTNGP11.phx.gbl>
    | Newsgroups: microsoft.public.win2000.security
    | NNTP-Posting-Host: 194.103.63.153
    | Path:
    cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11
    phx.gbl
    | Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.security:34370
    | X-Tomcat-NG: microsoft.public.win2000.security
    |
    | Hi,
    | Is there a way to restrict access to the Application and System - Eventlog
    | in 2000 the same way that the Security logs work.
    | I dont want the users to be able to list the servers Eventlog.
    | The Restrict Guest is applied
    | /Stefan Johansson
    |
    |
    |


    This posting is provided "AS IS" with no warranties, and confers no rights.


    diasmith@online.microsoft.com
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks for reply but I'm not sure how this will help me.
    Do you mean that I should add all users to the 'Domain Guest' group and
    keep the 'Restrict Guest'.
    I' would rather specify which user accounts that should be allowed to list
    the eventlog and in my case it should only be the Local Administrators
    group.
    Is there a way to do that?

    /Stefan Johansson


    ""Diana Smith [MSFT]"" <diasmith@online.microsoft.com> wrote in message
    news:3OyrH0H3EHA.1512@cpmsftngxa10.phx.gbl...
    > Hello Stefan,
    >
    > This article should help you:
    >
    > You receive an "Access is denied" error message when you try to access an
    > event log on a Windows Server 2003-based computer or on a Windows
    > 2000-based computer -->
    > http://support.microsoft.com/default.aspx?scid=KB;EN-US;842209
    >
    > Thank You.
    >
    > Diana.
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    >
    >
    > diasmith@online.microsoft.com
    >
    > --------------------
    > | From: "Stefan Johansson" <newsgroup@enbacken.com>
    > | Subject: Users can read Application and System log
    > | Date: Tue, 7 Dec 2004 14:42:00 +0100
    > | Lines: 8
    > | X-Priority: 3
    > | X-MSMail-Priority: Normal
    > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
    > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
    > | Message-ID: <#Sw2IKG3EHA.824@TK2MSFTNGP11.phx.gbl>
    > | Newsgroups: microsoft.public.win2000.security
    > | NNTP-Posting-Host: 194.103.63.153
    > | Path:
    >
    cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11
    > phx.gbl
    > | Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.security:34370
    > | X-Tomcat-NG: microsoft.public.win2000.security
    > |
    > | Hi,
    > | Is there a way to restrict access to the Application and System -
    Eventlog
    > | in 2000 the same way that the Security logs work.
    > | I dont want the users to be able to list the servers Eventlog.
    > | The Restrict Guest is applied
    > | /Stefan Johansson
    > |
    > |
    > |
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    >
    >
    > diasmith@online.microsoft.com
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Stefan,
    Remove inheritance from the Application and System registry keys
    (HKLM\System\CurrentControlSet\Services\EventLog\ ).
    Select "Copy" permissions when prompted.
    Remove all groups except for Administrators and System.

    "Stefan Johansson" <newsgroup@enbacken.com> wrote in message
    news:%23Sw2IKG3EHA.824@TK2MSFTNGP11.phx.gbl...
    > Hi,
    > Is there a way to restrict access to the Application and System - Eventlog
    > in 2000 the same way that the Security logs work.
    > I dont want the users to be able to list the servers Eventlog.
    > The Restrict Guest is applied
    > /Stefan Johansson
    >
    >
Ask a new question

Read More

Security Microsoft Servers Windows