How to resolve access denied error while remotely accessing event logs through Event Viewer?

    Organizations are rapidly adopting a remote work model, and IT admins are the hardest hit, as they must monitor the network rigorously from their homes to provide users with a secure working environment.

    The monitoring can be done using native tools by remotely accessing event logs on users' computers. However, while accessing event logs through Event Viewer, administrators often get this error:

    "Error 5: Access is denied"

    This article discusses the causes of this error and the ways to resolve it.

    Causes:

    1. The "Microsoft network client: Digitally sign communications (always)" option in Group Policy settings is enabled on the remote computer. See "Solution for cause 1" for the steps to disable this setting.
    2. The LOCAL SERVICE account does not have permissions to access the registry or the Event Viewer on the remote computer. This can happen if the remote computer was upgraded from Microsoft Windows 2000 to Windows XP Professional. See "Solution for cause 2" to resolve this issue.
    3. The user trying to access the event logs is a member of the Guest group or the domain Guest group. In such a case, the user cannot access the event logs remotely if the machine to be accessed is a Windows Server 2003 or Windows 2000-based computer. To resolve this error, see "Solution for cause 3".

    Solution for cause 1:

    1. On the computer whose logs need to be accessed, open Group Policy Editor by entering gpedit.msc in the Run window.
    2. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
    3. Double-click "Microsoft network client: Digitally sign communications (always)" and select Disabled.
    4. Click OK to save the changes.
    5. Open Command Prompt and run the command gpupdate /force. This command updates the local group policies as well as domain group policies.

    Solution for cause 2:

    1. On the computer whose logs need to be accessed, open Registry Editor by entering regedit in the Run window.
    2. Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> SecurePipeServers.
    3. Right-click winreg and select Permissions.
    4. Click Add.
    5. Type the name of the user or group that requires access to the event viewer logs on your computer. Click OK.
    6. For the selected user/group, check the box for Allow next to Read in the Permissions for <groupname> list.
    7. Click Apply and restart your computer for the changes to take effect.

    Solution for cause 3:

    1. Open Microsoft Management Console by entering mmc in the Run window.
    2. Under the File menu, click Add/Remove snap-in.
    3. Click Add and then select Group Policy Object Editor.
    4. Browse for Default Domain Policy. Click OK and then Finish.
    5. Click Close and then click OK.
    6. In the left pane of the console, navigate to Default Domain Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Event Log -> Settings for Event Logs.
    7. Double-click Restrict guest access to application log, clear the Define this policy setting checkbox, and then click OK.
    8. Repeat step 7 for Restrict guest access to security log and Restrict guest access to system log.
    9. Open the Registry Editor by entering regedit in the Run window.
    10. Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> EventLog. Select Application.
    11. Under the Edit menu, select New and then click DWORD (32-bit) Value.
    12. Type the name as "RestrictGuestAccess" and press Enter.
    13. Double-click RestrictGuestAccess. In the Value data box, enter value as 1 and click OK.
    14. Repeat steps 12-14 for the Security and System logs under EventLog.
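
Before changing anything, the three settings named in the solutions above can be read back on the remote computer to see which cause actually applies. The script below is an added example, not part of the original article or of any vendor tool; it only reads the registry, and the account name in $Principal is a hypothetical placeholder. It assumes the Group Policy option from cause 1 is stored as the RequireSecuritySignature value under LanmanWorkstation\Parameters.

```powershell
# Added example: read-only check of the three settings this article changes.
# Run in an elevated PowerShell session on the computer whose logs are accessed.
# $Principal is a hypothetical account or group; replace it with the one being denied.
param([string]$Principal = 'CONTOSO\LogReaders')

$base = 'HKLM:\SYSTEM\CurrentControlSet'

# Cause 1: "Microsoft network client: Digitally sign communications (always)".
$sig = Get-ItemProperty -Path "$base\Services\LanmanWorkstation\Parameters" `
    -Name RequireSecuritySignature -ErrorAction SilentlyContinue
[pscustomobject]@{
    Check  = 'Cause 1: client SMB signing (always)'
    Value  = $sig.RequireSecuritySignature
    Detail = if ($sig.RequireSecuritySignature -eq 1) { 'Enabled' }
             else { 'Disabled or not set' }
}

# Cause 2: who is listed on the winreg key, and is $Principal among them?
$acl   = Get-Acl -Path "$base\Control\SecurePipeServers\winreg"
$match = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $Principal }
[pscustomobject]@{
    Check  = 'Cause 2: winreg key permissions'
    Value  = ($acl.Access | ForEach-Object {
                 "$($_.IdentityReference) [$($_.AccessControlType) $($_.RegistryRights)]"
             }) -join '; '
    Detail = if ($match) { "$Principal has an explicit entry" }
             else { "$Principal has no explicit entry (group membership may still apply)" }
}

# Cause 3: RestrictGuestAccess under each of the three logs from steps 10-14.
foreach ($log in 'Application', 'Security', 'System') {
    $r = Get-ItemProperty -Path "$base\Services\EventLog\$log" `
        -Name RestrictGuestAccess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Cause 3: RestrictGuestAccess ($log)"
        Value  = $r.RestrictGuestAccess
        Detail = if ($null -eq $r) { 'Value not present' }
                 else { "Set to $($r.RestrictGuestAccess)" }
    }
}
```

Piping the output to Format-List keeps the long permission string for cause 2 readable.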

    You could try the above troubleshooting tips to resolve the issue.

    It must be kept in mind that using native tools for log handling becomes a tedious process in the long run, resulting in labour costs, performance degradation and compliance issues. Thankfully, there are solutions that make the job easier for you by centrally managing the logs from your network, while implementing compliance measures.

    EventLog Analyzer is a comprehensive log management solution that helps you remotely collect, analyze, correlate, search through log data, generate reports, and raise real-time alerts—all with just a few clicks. Try EventLog Analyzer now.

    © 2020 Zoho Corporation Pvt. Ltd. All rights reserved.