How can I restrict guest access to Event logs?

A. By default guests and anonymous can view the event log, this may give away important information and so anonymous/guest access can be disabled as follows:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
  3. Move to the subkey Application
  4. From the Edit menu select New - DWORD value. Enter a name of RestrictGuestAccess. click OK
  5. Double click the new value and set to 1
  6. Repeat steps 4 and 5 for the Security and System sub-keys also.

In fact this is also governed by the registry rights on the corresponding eventlog paramters (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog - application and system). You can even remove Administrators rights to read the files by using the registry rights. Use REGEDT32.EXE to change these rights.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.