Event Viewer Accessibility Settings

S Abijith 386 Reputation points
2024-09-16T15:32:38.14+00:00

Hi All,

We are currently using Windows Server 2022 and Windows 10/11 on laptops for running a windows application. This application logs into the 'Applications and Services Logs' under the 'Event Viewer'.

We want only users with 'Administrator' privileges to be able to view these logs in the 'Event Viewer' (Similar to Security events in the Event Viewer).

We came to the understanding that we can achieve this by modifying the 'ChannelAccess' for the specific application under 'Registry Editor' settings.

The path for the same: 'Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\CustomApp'

But we are not able to know as to what is the actual value that should be set for 'ChannelAccess' for restricting a user.

Can anyone please let us know as to how we can restrict a user access to the Event Viewer logs.

Also if our understanding is wrong or if there is any other way to achieve this, please help us on this.

Any help is appreciated!

Thank you in advance!

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,403 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,093 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Darrell Gorter 1,891 Reputation points
    2024-09-16T16:09:03.59+00:00

    Hello,

    Looks like this group policy allows you to limit the event viewer on a per-user basis.


  2. Daisy Zhou 24,046 Reputation points Microsoft Vendor
    2024-09-18T08:20:54.82+00:00

    Hello S Abijith

    Thank you for posting in Q&A forum.

    Please try to modify Log Properties:

    1.  In the Event Viewer, navigate to the specific log you want to restrict. For example, if you want to restrict access to the Application log, expand Applications and Services Logs. Right-click on the log you want to restrict and select Properties.
    2. Edit Security: In the Properties window, go to the Security tab. Here, you can see the list of users and groups that have access to the log.
    3. Remove Non-Administrator Users: Remove any users or groups that should not have access to the log. Ensure that only the Administrators group remains.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  3. Darrell Gorter 1,891 Reputation points
    2024-09-20T19:33:38.3566667+00:00

    Hello,

    Actually the setting should be disabled. When I set it to disabled I get this when trying to run the snap-in after a reboot. The wording in the description is all that clear, i read it as having to enable and tried setting it that way first, then reread it and set to disabled.

    User's image

    This is my setting, I did have to reboot to get it to take affect.

    User's image

    Darrell

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.