Skip navigation

Preventing Users from Accessing Event Logs Through the Network - 28 Sep 2004

How can I prevent someone from accessing event logs on my server through the network?

Windows automatically limits access to the Security log to only those users who have the Manage auditing and security log user right. However, guests can access the System and Application logs. To disable guest access to these logs, open a Group Policy Object (GPO), go to Computer\Configuration\Windows Settings\Security Settings\Event Log\Settings for Event Logs, and enable Restrict guest access to system log and Restrict guest access to application. In Windows Server 2003 and Windows XP, these policies are named Prevent local guests group from accessing system log and Prevent local guests group from accessing application log, respectively. Other users will still be able to view these logs provided they possess the Access this computer from the network user right. Windows doesn't offer a more granular way to control access to the logs.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish