Event Log Service Fails to Check Access to Security Log File

When you use Event Viewer to examine the Security log file, the Event Log service does not examine the "Manage auditing and security log" privilege as the Concepts and Planning manual states. It does examine the Administrators membership.

Windows NT 4.0

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Windows NT 3.51

To resolve this problem, contact Microsoft Technical Support to obtain the following fix.

This fix should have the following time stamp:

Windows NT 4.0

Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Windows NT 3.51

Microsoft has confirmed this to be a problem in Microsoft Windows NT version 3.51. A supported fix is now available, but has not been fully regression tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next service pack that contains this fix. Contact Microsoft Technical Support for more information.

The Windows NT Concepts and Planning and System guides state that the "Manage auditing and security log" right allows the grantee to view and clear the Event Log security file.

This right is granted by default to the Administrators group, even if not explicitly added to the "Manage auditing and security log" rights list.

It is possible to grant this right to users and/or groups.