There is no way to delete event logs while the EventLog service is running, and the is no way to STOP the EventLog service.
You can use the following procedure to remotely remove the subject event logs:
NOTE: This procedure uses REG.EXE, built into Windows XP, Windows Server 2003, and later operating systems, or installed from the Windows 2000 Support Tools.
1. Open a CMD.EXE Window.
2. Type REG ADD \\DemotedDC\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /V Start /T REG_DWORD /F /D 4 and press Enter, where DemotedDC is the NetBIOS computer name of the demoted domain controller.
3. Use PsShutdown.exe to restart DemotedDC.
NOTE: Ignore any error messages about service failures.
4. Open a CMD.EXE Window.
5. Type the following commands, pressing Enter after each line:
del /q /f %SystemRoot%\System32\Config\DnsEvent.Evt del /q /f %SystemRoot%\System32\Config\NTDS.Evt del /q /f %SystemRoot%\System32\Config\NtFrs.Evt REG DELETE "\\DemotedDC\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Directory Service" /F REG DELETE "\\DemotedDC\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\DNS Server" /F REG DELETE "\\DemotedDC\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\File Replication Service" /F REG ADD \\DemotedDC\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /V Start /T REG_DWORD /F /D 26. Use PsShutdown.exe to restart DemotedDC.
