This article was previously published under Q186494
This article has been archived. It is offered "as is" and will no longer be updated.
When an administrator deletes all events from the security event log, anevent for this action is reported in the security event log as event ID517. This event is not generated by non-administrators who have been giventhe "Manage auditing and security logs" right.
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack
Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.