Access Denied: Restricting Guest Access to Logs

Use Group Policy to prevent the Guests group from accessing System and Application event logs.

ITPro Today

December 16, 2002

1 Min Read
ITPro Today logo

I'd like to restrict the Application and System event logs so that only administrators can access them. Is such restriction possible?

Unfortunately, it isn't. Windows lets you prevent members of the Guests group from accessing the Application and System logs, but you can't limit this access to administrators. To prevent guests from viewing the logs, open any Group Policy Object (GPO); navigate to Computer Configuration, Windows Settings, Security Settings, Event Log, Settings for Event Logs, and select Restrict guest access to system log and Restrict guest access to application log.

To configure these policies on a computer that doesn't belong to an Active Directory (AD) domain, you need to edit the registry, because these policies don't appear in the local GPO. Open regedit, navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventlogApplication subkey, and set the Restrict-GuestAccess REG_DWORD value to 1 (create the value if necessary). Make the same change under the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventlogSystem subkey.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like