Restrict access to Application and System event logs


By default, guests and unauthorized users can read the System and Application
event logs (not the Security log). To restrict access to authenticated users,
apply these NT Registry hacks:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restrict access to Application log)

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restrict access to System log)

See Windows NT 4.0 Server Security Guide
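
The script below is an added example, not part of the original tip. It audits the two values listed above and, with its -Fix switch, sets them. It assumes a Windows system where PowerShell is available and an elevated prompt; the -Fix switch and the output column names are names chosen for this example.

```powershell
# Added example: audit (and optionally set) RestrictGuestAccess for the
# Application and System logs. The -Fix switch is this example's own name.
param([switch]$Fix)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$name = 'RestrictGuestAccess'

$results = foreach ($log in 'Application', 'System') {
    $key     = Join-Path $base $log
    $state   = 'KeyMissing'
    $current = $null
    $ok      = $false

    if (Test-Path -Path $key) {
        $regKey  = Get-Item -Path $key
        # GetValue returns the supplied default ($null) when the value is absent
        $current = $regKey.GetValue($name, $null)

        if ($null -eq $current) {
            $state = 'NotSet'
        } elseif ($regKey.GetValueKind($name) -ne 'DWord') {
            # A REG_SZ "1" would compare equal to 1, so check the type first
            $state = 'WrongType(' + $regKey.GetValueKind($name) + ')'
        } elseif ($current -eq 1) {
            $state = 'Restricted'
        } else {
            $state = 'Unrestricted'
        }

        $ok = ($state -eq 'Restricted')
        if ($Fix -and -not $ok) {
            # -Force overwrites an existing value; stop on access-denied
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value 1 -Force -ErrorAction Stop | Out-Null
            $state = "$state -> Restricted"
            $ok    = $true
        }
    }
    [pscustomobject]@{ Log = $log; Value = $current; State = $state; Compliant = $ok }
}

$results | Format-Table -AutoSize
# Non-zero exit code when either log is still unrestricted, for compliance runs
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run without arguments, the script only reports; nothing is written to the registry unless -Fix is given.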







Frank Heyne has made available a Windows NT Eventlog FAQ.
