When you try to access an event log on a Microsoft Windows Server 2003-based computer or on a Microsoft Windows 2000-based computer, you receive the following error message:

Back to the top

By default, the built-in guest group and the built-in domain guest group cannot access the event logs. When a user is a member of the guest group or of the domain guest group, the user cannot access the event logs.

Back to the top

To resolve this problem, use one of the following methods.

Back to the top

Method 1

Remove any user or group that must access the event logs from the guest group and from the domain guest group.

If the problem persists, add the user or the group to the permissions list for the event log files. To view an event log, the user or group must have Read permission.

Note The event log files are located in the following folder:

Back to the top

Method 2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

Disable the Restrict guest access to application log guest policy, the Restrict guest access to security log guest policy, or the Restrict guest access to system log group policy from the Guest account in Windows 2000 Server if you want the policy to remain enabled.

To remove policies from the Default Domain Policy Group Policy settings, follow these steps:

1.	Click Start, click Run, type mmc, and then click OK.
2.	On the Console menu, click Add/Remove Snap-in.
3.	Click Add, click Group Policy, click Add, click Browse, click Default Domain Policy, click OK, and then click Finish.
4.	Click Close, and then click OK.
5.	In the left-pane, expand Default Domain Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Event Log, and then click Settings for Event Logs. Double-click Restrict guest access to application log, click to clear the Define this policy setting check box, and then click OK.
6.	Double-click Restrict guest access to security log, click to clear the Define this policy setting check box, and then click OK.
7.	Double-click Restrict guest access to system log, click to clear the Define this policy setting check box, and then click OK.
8.	Click Start, click Run, type regedit, and then click OK.
9.	Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
10.	Point to New on the Edit menu, and then click DWORD Value. Type RestrictGuestAccess, and then press ENTER.
11.	Double-click RestrictGuestAccess, type 1 in the Value data box, and then click OK.
12.	Repeat steps 9 through 11 for the following registry subkeys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security

Back to the top