Does the “BUILT IN\Event Log Readers” have access to read security logs?

David Jenkins 946 Reputation points
2021-10-28T18:52:37.237+00:00

I'm trying to find the correct details on Event forwarding the security logs from all systems including DC's. I've added my system to the Event Log Readers group both for the Domain and on Systems. Gathering from Event logs still fails to work. I do not get information from security logs. Other logs are fine.

I truly need help. I've been trying for so long to get this stuff to work. All the document are either old or don't work or miss a step or are for a different OU and asking to adjust something that isn't there.

Is there a book to recommend? I'll do anything at this point. What a pain .

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,654 questions
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,725 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,900 questions
0 comments No comments
{count} votes

Accepted answer
  1. David Jenkins 946 Reputation points
    2021-10-28T19:53:45.83+00:00

    This article fixed my issue.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/admin-development/events-not-forwarded-by-windows-server-collector

    Seems like very version of WinRM or Event Collections has some issue with SDDL perms.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. David Jenkins 946 Reputation points
    2021-10-28T19:23:53.543+00:00

    I have found this command that says it does but the security logs are not read.

    144713-image.png

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.