Restrict access to Application and System event logs
By default, guests and unauthorized users can read the System and Application
event logs (not the Security log). To restrict to authenicated users:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name:
RestrictGuestAccess
Type: REG_DWORD
Value: 1 Restrict access to Application log
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name:
RestrictGuestAccess
Type: REG_DWORD
Value: 1 Restrict access to System log
Frank Heyne has made available a Windows NT
Eventlog FAQ .