Access Denied on EventLog in Windows 2008


After hardening file system permissions on a Windows 2008 server, I got the following error when I opened Event Viewer:
Event Viewer cannot open the event log or custom view. Verify that Event Log service is running. Access is denied (5).
The problem was caused by missing permissions for the NT Service\EventLog user on the folder containing the .evtx files. By default, the Local Service built-in group has read permissions; if the EventLog user is missing its permission, you'll receive Access Denied.

About author

Vittorio Pavesi
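One way to check for the condition described in the post, as an added example that is not the author's own code: the script audits the log folder and each .evtx file for an applicable Allow entry for NT SERVICE\EventLog. Assumptions: the default log path %SystemRoot%\System32\winevt\Logs, Modify as the minimum right to test for, and the hypothetical helper name Test-EventLogAccess; only entries naming the service account directly are evaluated, not group memberships.

```powershell
# Added example: audit ACLs on the event log folder for the EventLog service account.
# Assumptions: default log location; Modify is treated as the minimum required right.
# Run from an elevated PowerShell prompt so the ACLs can be read.
$logDir   = Join-Path $env:SystemRoot 'System32\winevt\Logs'
$account  = 'NT SERVICE\EventLog'
$required = [int][System.Security.AccessControl.FileSystemRights]::Modify
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: returns $true when $account has an effective Allow for $required.
function Test-EventLogAccess([string]$Path) {
    $acl   = Get-Acl -Path $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    $allow = 0
    $deny  = 0
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -ne $account) { continue }
        # Inherit-only entries apply to children, not to the object itself.
        if (([int]$r.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($r.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$r.FileSystemRights
        } else {
            $deny = $deny -bor [int]$r.FileSystemRights
        }
    }
    # Conservative: any Deny bit for the account removes the matching Allow bit.
    $effective = $allow -band (-bnot $deny)
    return (($effective -band $required) -eq $required)
}

# Check the folder itself and every .evtx file inside it.
$targets = @($logDir) + @(Get-ChildItem -Path $logDir -Filter *.evtx |
    ForEach-Object { $_.FullName })
$failed = @($targets | Where-Object { -not (Test-EventLogAccess $_) })

if ($failed.Count -eq 0) {
    Write-Output "OK: $account has at least Modify on $logDir and its .evtx files."
} else {
    $failed | ForEach-Object { Write-Output "MISSING: $_" }
    # Full control (F) is an assumption; adjust to your hardening baseline.
    Write-Output 'To restore the entry on the folder, run from an elevated prompt:'
    Write-Output ('icacls "{0}" /grant "{1}:(OI)(CI)F"' -f $logDir, $account)
}
```

The script only reports and prints the icacls command; it changes nothing on its own, so it can be run before and after a hardening pass to compare results.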

3 comments

  1. Anonymous
    5:12 AM

    Hello, I am facing the same problem on a Windows 2008 server. Could you please tell me the details of the permission? I checked the "winevt" folder under "C:\Windows\System32\winevt"; the "NT Service\EventLog" permission is already there on the "winevt" folder.

    Please help me.

  2. Does the "NT Service\EventLog" user have modify permission on this folder?

  3. Anonymous
    4:43 PM

    Hi,

    We are facing the same issue on Windows Server 2008. I have checked the winevt folder and NT Service\Eventlog has got FULL access.
    We are still getting the same error.

    Any help would be highly appreciated.
