KB842209 Win2k3 You receive an “Access is denied” error message when you try to access an event log

You receive an “Access is denied” error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

SYMPTOMS

When you try to access an event log on a Microsoft Windows Server 2003-based computer or on a Microsoft Windows 2000-based computer, you receive the following error message:

Unable to complete the operation on event log. Access is denied.
CAUSE

By default, the built-in guest group and the built-in domain guest group cannot access the event logs. When a user is a member of the guest group or of the domain guest group, the user cannot access the event logs.

RESOLUTION

To resolve this problem, use one of the following methods.

Method 1

Remove any user or group that must access the event logs from the guest group and from the domain guest group.

If the problem persists, add the user or the group to the permissions list for the event log files. To view an event log, the user or group must have Read permission.

Note The event log files are located in the following folder:

%systemroot%\system32\config

Method 2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

Disable the Restrict guest access to application log guest policy, the Restrict guest access to security log guest policy, or the Restrict guest access to system log group policy from the Guest account in Windows 2000 Server if you want the policy to remain enabled.

To remove policies from the Default Domain Policy Group Policy settings, follow these steps:

  1. Click Start, click Run, type mmc, and then click OK.
  2. On the Console menu, click Add/Remove Snap-in.
  3. Click Add, click Group Policy, click Add, click Browse, click Default Domain Policy, click OK, and then click Finish.
  4. Click Close, and then click OK.
  5. In the left-pane, expand Default Domain Policy, expand Computer Configuration, expandWindows Settings, expand Security Settings, expand Event Log, and then click Settings for Event Logs. Double-click Restrict guest access to application log, click to clear the Define this policy setting check box, and then click OK.
  6. Double-click Restrict guest access to security log, click to clear the Define this policy setting check box, and then click OK.
  7. Double-click Restrict guest access to system log, click to clear the Define this policy setting check box, and then click OK.
  8. Click Start, click Run, type regedit, and then click OK.
  9. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
  10. Point to New on the Edit menu, and then click DWORD Value. Type RestrictGuestAccess, and then press ENTER.
  11. Double-click RestrictGuestAccess, type 1 in the Value data box, and then click OK.
  12. Repeat steps 9 through 11 for the following registry subkeys:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
Properties

Article ID: 842209 – Last Review: 10/30/2006 21:27:10 – Revision: 2.3

Applies to

  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s