You receive an "Access is denied" error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer

Article translations Article translations
Article ID: 842209 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you try to access an event log on a Microsoft Windows Server 2003-based computer or on a Microsoft Windows 2000-based computer, you receive the following error message:
Unable to complete the operation on event log. Access is denied.

CAUSE

By default, the built-in guest group and the built-in domain guest group cannot access the event logs. When a user is a member of the guest group or of the domain guest group, the user cannot access the event logs.

RESOLUTION

To resolve this problem, use one of the following methods.

Method 1

Remove any user or group that must access the event logs from the guest group and from the domain guest group.

If the problem persists, add the user or the group to the permissions list for the event log files. To view an event log, the user or group must have Read permission.

Note The event log files are located in the following folder:
%systemroot%\system32\config

Method 2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


Disable the Restrict guest access to application log guest policy, the Restrict guest access to security log guest policy, or the Restrict guest access to system log group policy from the Guest account in Windows 2000 Server if you want the policy to remain enabled.

To remove policies from the Default Domain Policy Group Policy settings, follow these steps:
  1. Click Start, click Run, type mmc, and then click OK.
  2. On the Console menu, click Add/Remove Snap-in.
  3. Click Add, click Group Policy, click Add, click Browse, click Default Domain Policy, click OK, and then click Finish.
  4. Click Close, and then click OK.
  5. In the left-pane, expand Default Domain Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Event Log, and then click Settings for Event Logs. Double-click Restrict guest access to application log, click to clear the Define this policy setting check box, and then click OK.
  6. Double-click Restrict guest access to security log, click to clear the Define this policy setting check box, and then click OK.
  7. Double-click Restrict guest access to system log, click to clear the Define this policy setting check box, and then click OK.
  8. Click Start, click Run, type regedit, and then click OK.
  9. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
  10. Point to New on the Edit menu, and then click DWORD Value. Type RestrictGuestAccess, and then press ENTER.
  11. Double-click RestrictGuestAccess, type 1 in the Value data box, and then click OK.
  12. Repeat steps 9 through 11 for the following registry subkeys:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security

Properties

Article ID: 842209 - Last Review: October 30, 2006 - Revision: 2.3
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbtshoot kbprb KB842209

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com