Registry Tip #60: Restrict access to Application and System event logs


By default, guests and unauthorized users can read the System and Application event logs (but not the Security log). To restrict access to authenticated users, set the following values:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restrict access to the Application log)

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\EventLog\System
Name: RestrictGuestAccess
Type: REG_DWORD
Value: 1 (restrict access to the System log)
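
An added example, not part of the original tip: a PowerShell script that reports the current RestrictGuestAccess value for both logs and, when asked, sets it to 1. It assumes a Windows system with PowerShell and an elevated prompt for the write; the -Remediate switch and the function name are hypothetical names chosen for this example.

```powershell
# Added example: audit (and optionally set) RestrictGuestAccess for the
# Application and System event logs. Writing requires an elevated prompt.
param(
    [switch]$Remediate   # hypothetical switch: write the value when it is missing or not 1
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$name = 'RestrictGuestAccess'

# Return the current DWORD value, or $null when the key or value is absent.
function Get-RestrictGuestAccess {
    param([string]$Log)
    $key = Join-Path $base $Log
    if (-not (Test-Path $key)) { return $null }
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$name
}

$results = foreach ($log in 'Application', 'System') {
    $before = Get-RestrictGuestAccess -Log $log
    if ($Remediate -and $before -ne 1) {
        # Create or overwrite the value as REG_DWORD = 1.
        New-ItemProperty -Path (Join-Path $base $log) -Name $name `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    # Re-read after the write so the report reflects what is actually stored.
    $after = Get-RestrictGuestAccess -Log $log
    [pscustomobject]@{
        Log        = $log
        Before     = if ($null -eq $before) { '(not set)' } else { $before }
        After      = if ($null -eq $after)  { '(not set)' } else { $after }
        Restricted = ($after -eq 1)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code when either log is still readable by guests,
# so the script can be used as a compliance check.
if ($results.Restricted -contains $false) { exit 1 }
```

Run without arguments to audit only; add -Remediate to write the values.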

Frank Heyne has made available a Windows NT Eventlog FAQ.



A must-have for NT administrators in corporate or governmental organizations, or anyone being audited by a large outside audit firm.
It is not a secrets-type guide, but it has excellent, sound advice, and it's used by PriceWaterhouse's auditors as a guide.