The default permissions on the Application and System event logs allow Everyone, including guests, to view these logs.
To restrict guest access, use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\<LogName>
Add a value named RestrictGuestAccess of type REG_DWORD and set it to 1 (Restricted). The default is 0 (allow guest access).
Change the security on HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\<LogName> to allow only Administrators and System to have Full Control.
NOTE: The Security log is only viewable by users who have the Manage Audit Logs right.
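The same check can be scripted. The PowerShell below is an added example, not part of the original tip: it reports RestrictGuestAccess and any registry ACL entries outside Administrators and System for the Application and System logs, and sets the value to 1 only when run with the hypothetical -Fix switch. It assumes an elevated session; the variable names are illustrative.

```powershell
# Added example: audit (and optionally set) RestrictGuestAccess on the
# Application and System event log keys named in the tip above.
param([switch]$Fix)   # hypothetical switch: without it the script only reports

$base    = 'HKLM:\System\CurrentControlSet\Services\EventLog'
$logs    = 'Application', 'System'
# Well-known SIDs: BUILTIN\Administrators and Local System
$allowed = 'S-1-5-32-544', 'S-1-5-18'

foreach ($log in $logs) {
    $key = Join-Path $base $log
    if (-not (Test-Path $key)) { Write-Warning "$key not found"; continue }

    # A missing value is treated as the default, 0 (guest access allowed)
    $current = (Get-ItemProperty -Path $key -Name RestrictGuestAccess `
                -ErrorAction SilentlyContinue).RestrictGuestAccess
    if ($null -eq $current) { $current = 0 }

    if ($current -ne 1 -and $Fix) {
        # Creates the REG_DWORD value, or overwrites it if it already exists
        New-ItemProperty -Path $key -Name RestrictGuestAccess `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $current = 1
    }

    # Read the key's access rules with identities returned as SIDs, so the
    # comparison does not depend on localized account names
    $rules = (Get-Acl -Path $key).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    # Allow entries for anyone other than Administrators or System
    $extra = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $allowed -notcontains $_.IdentityReference.Value
    }

    [pscustomobject]@{
        Log                 = $log
        RestrictGuestAccess = $current
        OtherAllowEntries   = ($extra | ForEach-Object {
            "$($_.IdentityReference.Value): $($_.RegistryRights)" }) -join '; '
    }
}
```

An empty OtherAllowEntries column means the key's ACL already matches the Administrators and System only recommendation; the script reports the ACL but does not change it.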