This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 87%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Hi All,
We are currently using Windows Server 2022 and Windows 10/11 on laptops for running a windows application. This application logs into the 'Applications and Services Logs' under the 'Event Viewer'.
We want only users with 'Administrator' privileges to be able to view these logs in the 'Event Viewer' (Similar to Security events in the Event Viewer).
We came to the understanding that we can achieve this by modifying the 'ChannelAccess' for the specific application under 'Registry Editor' settings.
The path for the same: 'Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\CustomApp'
But we are not able to know as to what is the actual value that should be set for 'ChannelAccess' for restricting a user.
Can anyone please let us know as to how we can restrict a user access to the Event Viewer logs.
Also if our understanding is wrong or if there is any other way to achieve this, please help us on this.
Any help is appreciated!
Thank you in advance!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 27%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Sorry I posted a screen shot twice, saw it when I posted, went back and it was gone . I guess it got eliminated somehow,
here is the steps to see what I was referring to.
Open GPEDIT.msc.
Go down to User configuration, then Administrative Templates, then Windows Components, then Microsoft Management Console, then Restricted/Permitted Snap-ins,
Then Extension Snap-ins.
Hello @Darrell Gorter ,
We tried to 'Enable' the settings as suggested by you. But it did not do the trick. A non-admin user is still able to see the logs generated by the custom application in the Event Viewer.
We have added the images with the changes, please correct us if we have missed anything!!
The first image shows the navigated path and the Event Viewer enabled.
The second image shows the enabled status on the event viewer.
Hello,
Actually the setting should be disabled. When I set it to disabled I get this when trying to run the snap-in after a reboot. The wording in the description is all that clear, i read it as having to enable and tried setting it that way first, then reread it and set to disabled.
This is my setting, I did have to reboot to get it to take affect.
Not sure if the images I posted are going to show again. Just checked after 10-15 minutes and they aren't here.
Set the policy to disabled and reboot the machine. When I set it to enabled it did not work but I reread the details and set it to disabled and got the error message that it was disabled. I inserted a screenshot if the message and how I had it set. Everything looked correct when I posted. I have been able to post images before, but having issues with this thread for some reason.
Darrell
Hello @Darrell Gorter ,
We tried to disable the settings and rebooted our machine as suggested, but it didnt do the trick.
A non admin user is still able to view the logs generated by our custom application.
Is there any other way that this can be done!!
Hello,
Looks like this group policy allows you to limit the event viewer on a per-user basis.
Hello @Darrell Gorter ,
I believe you may have missed out on a link in your answer. Can you please check once!!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello S Abijith,
Thank you for posting in Q&A forum.
Please try to modify Log Properties:
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hello @Daisy Zhou ,
We are not able to see the 'Security' tab under the properties of our application. We are able to see only the 'general' tab. Are we missing any settings here??
Hello,
Actually the setting should be disabled. When I set it to disabled I get this when trying to run the snap-in after a reboot. The wording in the description is all that clear, i read it as having to enable and tried setting it that way first, then reread it and set to disabled.
This is my setting, I did have to reboot to get it to take affect.
Darrell