Domain Users Can Remotely Access Event Logs (268559)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0
This article was previously published under Q268559

SYMPTOMS

Domain users and other non-administrator users can remotely access event logs.

RESOLUTION

To resolve this issue, edit the registry to allow only administrators to access event logs remotely.

MORE INFORMATION

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.


Follow these steps to make the necessary changes to the registry:
  1. Run Registry Editor (Regedt32).
  2. Navigate to the following registry location:
    HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/Allowed Paths
  3. In the right pane of the Registry Editor window, double-click the value Machine.
  4. In the Multi-String Editor window, delete the string System\CurrentControlSet\Services\Eventlog, and then click OK.
  5. Quit Registry Editor, and then restart the computer.

Modification Type:MajorLast Reviewed:6/11/2002
Keywords:kbprb KB268559
©2002 Microsoft Corporation. All rights reserved.