Preventing Users from Accessing Event Logs Through the Network - 28 Sep 2004
Learn how to control access to System and Application logs.
September 27, 2004
How can I prevent someone from accessing event logs on my server through the network?
Windows automatically limits access to the Security log to only those users who have the Manage auditing and security log user right. However, guests can access the System and Application logs. To disable guest access to these logs, open a Group Policy Object (GPO), go to ComputerConfigurationWindows SettingsSecurity SettingsEvent LogSettings for Event Logs, and enable Restrict guest access to system log and Restrict guest access to application. In Windows Server 2003 and Windows XP, these policies are named Prevent local guests group from accessing system log and Prevent local guests group from accessing application log, respectively. Other users will still be able to view these logs provided they possess the Access this computer from the network user right. Windows doesn't offer a more granular way to control access to the logs.
About the Author
You May Also Like