Access Denied: Restricting Guest Access to Logs

I'd like to restrict the Application and System event logs so that only administrators can access them. Is such restriction possible?

Unfortunately, it isn't. Windows lets you prevent members of the Guests group from accessing the Application and System logs, but you can't limit this access to administrators. To prevent guests from viewing the logs, open any Group Policy Object (GPO); navigate to Computer Configuration, Windows Settings, Security Settings, Event Log, Settings for Event Logs, and select Restrict guest access to system log and Restrict guest access to application log.

To configure these policies on a computer that doesn't belong to an Active Directory (AD) domain, you need to edit the registry, because these policies don't appear in the local GPO. Open regedit, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application subkey, and set the Restrict-GuestAccess REG_DWORD value to 1 (create the value if necessary). Make the same change under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System subkey.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.