Restrict access to Application and System event logs

  • Section(s): Event Logs, Restriction
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.
By default, guests and unauthorized users can read the System and Application event logs (not the Security log). To restrict access to authenticated users, set the following registry values:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restricts access to the Application log)

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restricts access to the System log)
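
The two settings above can be audited and applied from an elevated PowerShell prompt. This is an added example, not part of the original article; the function names are hypothetical, and it assumes PowerShell 3.0 or later on a Windows version that honors RestrictGuestAccess.

```powershell
# Added example: report and (optionally) set RestrictGuestAccess for the
# Application and System logs named in the article. Run elevated.
# Function names are illustrative, not part of any Microsoft module.

$EventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$LogNames     = 'Application', 'System'
$ValueName    = 'RestrictGuestAccess'

function Get-GuestLogRestriction {
    foreach ($log in $LogNames) {
        $key = Join-Path $EventLogRoot $log
        # A missing value yields $null instead of raising an error
        $current = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        [pscustomobject]@{
            Log        = $log
            Key        = $key
            Value      = $current
            Restricted = ($current -eq 1)
        }
    }
}

function Set-GuestLogRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in Get-GuestLogRestriction) {
        if ($entry.Restricted) { continue }   # already set to 1, leave untouched
        if ($PSCmdlet.ShouldProcess($entry.Key, "Set $ValueName = 1")) {
            # -Force replaces an existing value that holds different data
            New-ItemProperty -Path $entry.Key -Name $ValueName `
                -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
}

Get-GuestLogRestriction | Format-Table Log, Value, Restricted   # report current state
Set-GuestLogRestriction -WhatIf                                  # preview changes only
# Set-GuestLogRestriction                                        # apply, then re-run the report
```

Run the report again after applying to confirm both logs show Restricted = True.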

Frank Heyne has made available a Windows NT Eventlog FAQ.
