Restrict access to Application and System event logs


By default, guests and unauthorized users can read the System and Application
event logs (but not the Security log). To restrict access to authenticated users, set the following registry values:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restrict access to Application log)

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restrict access to System log)
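
The two settings above checked and applied with PowerShell, as an added example that is not part of the original page. It reports the current value for each log and writes only when run with the `-Fix` switch (a parameter name chosen for this example) from an elevated session.

```powershell
# Added example: audit RestrictGuestAccess for the Application and System logs,
# and set it to 1 when -Fix is given. Writing under HKLM requires administrator rights.
param([switch]$Fix)   # -Fix is a parameter name chosen for this example

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$name = 'RestrictGuestAccess'

$results = foreach ($log in 'Application', 'System') {
    $key = Join-Path $base $log
    if (-not (Test-Path $key)) {
        [pscustomobject]@{ Log = $log; Before = 'key missing'; After = 'key missing' }
        continue
    }

    # Read the current value; $null means the value does not exist under this key.
    $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $after  = $before

    if ($Fix -and $before -ne 1) {
        # -Force replaces an existing value, including one stored with the wrong type.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        # Read back so the report shows what is actually stored.
        $after = (Get-ItemProperty -Path $key -Name $name).$name
    }

    [pscustomobject]@{
        Log    = $log
        Before = if ($null -eq $before) { 'not set' } else { $before }
        After  = if ($null -eq $after)  { 'not set' } else { $after }
    }
}

$results | Format-Table -AutoSize

# Exit non-zero when either log is still not restricted, so the script can
# serve as a pass/fail check in a baseline audit.
if ($results | Where-Object { $_.After -ne 1 }) { exit 1 }
```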

Frank Heyne has made available a Windows NT Eventlog FAQ.
