Restrict access to Application and System event logs

Admin Tip #25: Restrict access to Application and System event logs

Hits: Failed to execute CGI : Win32 Error Code = 3

By default, guests and unauthorized users can read the System and Application event logs (not the Security log). To restrict to authenicated users, apply these NT Registry hacks:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 Restrict access to Application log

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 Restrict access to System log

See

Event Log Tips:

Archiving Event Logs
Event Log explained
How to Delete Corrupt Event Viewer Log Files
Forensics: CrashOnAuditFail
Restrict access to Application and System event logs
Security Event Descriptions
Security Events Logon Type Definitions
Security Log Location
Suppress Browser Event Log Messages
Suppress Prevent logging of print jobs
System events in NT4 SP4
User Authentication with Windows NT
User Rights, Definition and List

Frank Heyne has made available a Windows NT Eventlog FAQ .

Book Recommendation:

A must have for NT administrators in corporate or governmental organizations or anyone being audited by a large outside audit firm.
It is not a secrets type guide but it has excellent sound advice and its used by PriceWaterhouse's auditors as a guide.