Disable delete permissions in Windows event viewer

  • Question

  • Hi,

    I have an application installed on Windows 7 that writes its log to the Windows event viewer. As an administrator, I can enter the event viewer and erase entries, but regular users can as well. We can do it by entering the event viewer, right-clicking the desired log and clicking "Empty registry...".

    Is there a way to remove the permission of emptying the registry to regular users?

    Thanks

    Wednesday, May 30, 2018 10:10 AM

All replies

  • Hi,

    thanks for posting here.

    >>Is there a way to remove the permission of emptying the registry to regular users?

    The Group Policy has some settings which could customize security access rights to their event logs. You could grant users one or more of the following access rights to event logs:

    • Read
    • Write
    • Clear

    Follow these steps below.

    1. Click Start, click Run, type gpedit.msc, and then click OK.
    2. In the Group Policy editor, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand Security Options.
    3. Double-click Event log: System log SDDL, type the SDDL string that you want for the log security, and then click OK.

    For more information, please refer to this document below.

    https://support.microsoft.com/en-us/help/323076/how-to-set-event-log-security-locally-or-by-using-group-policy

    Hope this could be of help to you.

    Best Regards,

    Baron Bi


    MSDN Community Support

    • Proposed as answer by Baron Bi Wednesday, June 6, 2018 8:44 AM
    Friday, June 1, 2018 7:24 AM
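
The reply above leaves the choice of SDDL string open. As an added example (not part of the original thread or of Microsoft's documentation), this Python sketch audits an event log SDDL string before it is applied and lists which trustees would hold the Clear right. It assumes hex access masks with the event log bits 0x1 (read), 0x2 (write) and 0x4 (clear); both sample strings are constructed for illustration.

```python
import re

# Event log access bits: 0x1 read, 0x2 write, 0x4 clear.
RIGHTS = {0x1: "Read", 0x2: "Write", 0x4: "Clear"}
CLEAR = 0x4

# Constructed sample strings (not taken from any real host).
# BA = Built-in Administrators, SY = Local System, IU = Interactive users.
WEAK_SDDL = "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SY)(A;;0x7;;;IU)"
HARDENED_SDDL = "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SY)(A;;0x3;;;IU)"


def parse_dacl(sddl):
    """Return (ace_type, mask, trustee) for each ACE in the DACL."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL (D:) component found")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        if not rights.lower().startswith("0x"):
            raise ValueError("only hex access masks are handled: " + rights)
        aces.append((ace_type, int(rights, 16), trustee))
    return aces


def rights_names(mask):
    """Decode an access mask into the event log right names it grants."""
    return [name for bit, name in RIGHTS.items() if mask & bit]


def trustees_with_right(sddl, bit):
    """Trustees allowed `bit` and not denied it (no group resolution)."""
    aces = parse_dacl(sddl)
    denied = {t for kind, mask, t in aces if kind == "D" and mask & bit}
    allowed = []
    for kind, mask, trustee in aces:
        if kind == "A" and mask & bit and trustee not in denied and trustee not in allowed:
            allowed.append(trustee)
    return allowed


if __name__ == "__main__":
    for label, sddl in (("weak", WEAK_SDDL), ("hardened", HARDENED_SDDL)):
        print(label, "-> can clear:", trustees_with_right(sddl, CLEAR))
```

The check is per trustee only: a user who belongs to a group that still holds 0x4 keeps the Clear right through that group.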