When you attempt to access one of the following event logs on a Windows Server 2003 computer, you receive a message similar to "Unable to complete the operation on <event log>. Access is denied.":
Application
Directory Service
DNS Server
File Replication Service
System
This behavior will occur if the Domain Users group is a member of the built-in Guests group.
I have scripted AllowLogAccess.bat to resolve this problem.
To use AllowLogAccess.bat:
1. Log on to the Windows Server 2003 computer with administrative privileges.
2. Open a CMD.EXE window.
3. Type AllowLogAccess and press Enter.
AllowLogAccess.bat works by first determining if the Windows Server 2003 computer is a domain controller. If it is a domain controller, it removes Domain Users from the built-in Guests group. If the server is NOT a domain controller, it sets the RestrictGuestAccess Value Name to 0 for the Application, System, and DNS Server event logs.
AllowLogAccess.bat contains:
@echo off
setlocal
REM Build the pipeline that lists the domain's DCs and looks for this computer.
set test=nltest /dclist:%USERDNSDOMAIN%
set fnd1=Findstr /C:"Site:"
set fnd2=Find /I "%ComputerName%"
set dc=N
for /f "Tokens=1 Delims=. " %%d in ('%test%^|%fnd1%^|%fnd2%') do (
 set dc=Y
)
if "%dc%" EQU "N" goto server
REM Domain controller: remove Domain Users from the built-in Guests group.
@echo net localgroup Guests "Domain Users" /delete
net localgroup Guests "Domain Users" /delete
endlocal
goto :EOF
:server
REM Member or stand-alone server: set RestrictGuestAccess to 0 on each log.
set key=HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
@echo reg add "%key%\Application" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
reg add "%key%\Application" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
@echo.
@echo reg add "%key%\System" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
reg add "%key%\System" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
@echo.
@echo reg add "%key%\DNS Server" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
reg add "%key%\DNS Server" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
endlocal