You receive an "Access is denied" error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer (842209)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you try to access an event log on a Microsoft Windows Server 2003-based computer or on a Microsoft Windows 2000-based computer, you receive the following error message:
Unable to complete the operation on event log. Access is denied.

CAUSE

By default, the built-in guest group and the built-in domain guest group cannot access the event logs. When a user is a member of the guest group or of the domain guest group, the user cannot access the event logs.

RESOLUTION

To resolve this problem, use one of the following methods.

Method 1

Remove any user or group that must access the event logs from the guest group and from the domain guest group.

If the problem persists, add the user or the group to the permissions list for the event log files. To view an event log, the user or group must have Read permission.

Note The event log files are located in the following folder:

%systemroot%\system32\config

Method 2

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Disable the Restrict guest access to application log guest policy, the Restrict guest access to security log guest policy, or the Restrict guest access to system log group policy from the Guest account in Windows 2000 Server if you want the policy to remain enabled.

To remove policies from the Default Domain Policy Group Policy settings, follow these steps:
  1. Click Start, click Run, type mmc, and then click OK.
  2. On the Console menu, click Add/Remove Snap-in.
  3. Click Add, click Group Policy, click Add, click Browse, click Default Domain Policy, click OK, and then click Finish.
  4. Click Close, and then click OK.
  5. In the left-pane, expand Default Domain Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Event Log, and then click Settings for Event Logs. Double-click Restrict guest access to application log, click to clear the Define this policy setting check box, and then click OK.
  6. Double-click Restrict guest access to security log, click to clear the Define this policy setting check box, and then click OK.
  7. Double-click Restrict guest access to system log, click to clear the Define this policy setting check box, and then click OK.
  8. Click Start, click Run, type regedit, and then click OK.
  9. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application

  10. Point to New on the Edit menu, and then click DWORD Value. Type RestrictGuestAccess, and then press ENTER.
  11. Double-click RestrictGuestAccess, type 1 in the Value data box, and then click OK.
  12. Repeat steps 9 through 11 for the following registry subkeys:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security

Modification Type:MajorLast Reviewed:11/12/2004
Keywords:kbtshoot kbprb KB842209 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.