Access Denied on EventLog in Windows 2008


After hardening file system permissions on a Windows 2008 server, I got the following error when I opened Event Viewer:
Event Viewer cannot open the event log or custom view. Verify that Event Log service is running. Access is denied (5).
The problem was caused by missing permissions for the NT Service\EventLog user on the folder containing the .evtx files. By default, the Local Service builtin group has read permissions, but if the EventLog user lacks permission you will receive Access Denied.
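
One way to check for the condition described above, as an added example that is not part of the original post. It assumes the logs are in the default folder `%SystemRoot%\System32\winevt\Logs` and treats Modify as the required level; the function name `Get-EventLogAclFinding` is hypothetical. Only ACEs that name the account directly are evaluated, not access granted through group membership.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: logs are in the default folder; change $LogDir if they were relocated.
$LogDir   = Join-Path $env:SystemRoot 'System32\winevt\Logs'
$Account  = 'NT SERVICE\EventLog'
$Required = [int][System.Security.AccessControl.FileSystemRights]::Modify  # assumed level

function Get-EventLogAclFinding {
    param([string]$Path, [string]$Identity, [int]$Rights)

    # Keep only the ACEs that name the service account directly.
    $aces = @((Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity })

    # An Allow ACE counts only if it carries every bit of the required rights.
    # ACEs stored as generic rights (GENERIC_ALL etc.) are not decoded here.
    $allow = @($aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $Rights) -eq $Rights)
    })
    $deny = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

    if ($deny.Count -gt 0)      { $status = 'DENY ACE present' }
    elseif ($allow.Count -eq 0) { $status = 'MISSING' }
    else                        { $status = 'OK' }

    New-Object PSObject -Property @{ Path = $Path; Status = $status }
}

# Check the folder, then every .evtx file: a file whose ACL does not inherit
# from the folder needs its own ACE for the service account.
$targets = @($LogDir) + @(Get-ChildItem -Path $LogDir -Filter *.evtx |
    ForEach-Object { $_.FullName })

$findings = $targets | ForEach-Object {
    Get-EventLogAclFinding -Path $_ -Identity $Account -Rights $Required
}
$findings | Where-Object { $_.Status -ne 'OK' } | Format-Table Path, Status -AutoSize

# The folder ACE should propagate to files (ObjectInherit) so new logs are covered.
(Get-Acl -Path $LogDir).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table FileSystemRights, AccessControlType, InheritanceFlags, IsInherited -AutoSize

# One possible repair for a MISSING folder entry (review before running):
#   icacls "$LogDir" /grant "NT SERVICE\EventLog:(OI)(CI)M"
```

An empty first table means every checked path has a direct Allow ACE with at least Modify for the account and no Deny ACE.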

About Vittorio Pavesi


3 comments:

Anonymous said...

Hello, I am facing the same problem on Windows 2008 server. Could you please tell me the details of the permission? I checked the "winevt" folder under "C:\Windows\System32\winevt"; the "NT Service\EventLog" permission is already there on the "winevt" folder.

Please help me.

Vittorio Pavesi said...

Does the "NT Service\EventLog" user have modify permission on this folder?

Anonymous said...

Hi,

We are facing the same issue on Windows Server 2008. I have checked the winevt folder and NT Service\Eventlog has got FULL access.
Still getting the same error.

Any help would be highly appreciated.