JSI Tip 0993. Permissions on Event Logs are too loose.

The default permissions on the Application and System event log allow Everyone, including guests to view these logs.

To restrict guest access, use Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\<LogName>

Add Value name RestrictGuestAccess as a type REG_DWORD and set the value to 1 (Restricted). The default is 0 (allow guest access).

Change the security on HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\<LogName> to allow only Administrators and System to have Full Control.

NOTE: The Security log is only viewable by users who have the Manage Audit Logs right.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish