Restrict access to Application and System event logs

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

By default, guests and unauthorized users can read the System and Application event logs (but not the Security log). To restrict access to authenticated users, set the following registry values:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 Restrict access to Application log

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 Restrict access to System log
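
The following PowerShell function is an added example, not part of the original tip. It audits the two values above and, when called with -Fix from an elevated prompt, sets them to 1. The function name and the output object shape are assumptions of this example.

```powershell
# Added example: audit (and optionally set) RestrictGuestAccess for the
# Application and System logs. Function name and output shape are illustrative.
function Test-EventLogGuestRestriction {
    [CmdletBinding()]
    param(
        [string[]]$LogName = @('Application', 'System'),
        [switch]$Fix   # write the value when it is missing or not 1 (needs admin rights)
    )

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    $name = 'RestrictGuestAccess'

    foreach ($log in $LogName) {
        $key = Join-Path $base $log
        if (-not (Test-Path $key)) {
            Write-Warning "Key not found: $key"
            continue
        }

        # A missing value comes back as $null, which is reported as not restricted
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $restricted = ($current -eq 1)

        if (-not $restricted -and $Fix) {
            # -Force creates the value or overwrites an existing one
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
            # Re-read so the report reflects what is actually in the registry
            $current = (Get-ItemProperty -Path $key -Name $name).$name
            $restricted = ($current -eq 1)
        }

        [pscustomobject]@{
            Log        = $log
            Value      = $current
            Restricted = $restricted
        }
    }
}

# Report only
Test-EventLogGuestRestriction

# Report and remediate (uncomment to apply)
# Test-EventLogGuestRestriction -Fix
```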

Frank Heyne has made available a Windows NT Eventlog FAQ.
