Does the “BUILT IN\Event Log Readers” have access to read security logs?

David Jenkins 946 Reputation points
2021-10-28T18:52:37.237+00:00

I'm trying to find the correct details on Event forwarding the security logs from all systems including DCs. I've added my system to the Event Log Readers group both for the Domain and on Systems. Gathering from Event logs still fails to work. I do not get information from security logs. Other logs are fine.

I truly need help. I've been trying for so long to get this stuff to work. All the documents are either old or don't work or miss a step or are for a different OU and asking to adjust something that isn't there.

Is there a book to recommend? I'll do anything at this point. What a pain.

Windows development | Windows API - Win32
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups

Accepted answer
  1. David Jenkins 946 Reputation points
    2021-10-28T19:53:45.83+00:00

    This article fixed my issue.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/admin-development/events-not-forwarded-by-windows-server-collector

    Seems like every version of WinRM or Event Collections has some issue with SDDL perms.


1 additional answer

  1. David Jenkins 946 Reputation points
    2021-10-28T19:23:53.543+00:00

    I have found this command that says it does but the security logs are not read.

    144713-image.png
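
The title question comes down to what the Security channel's access SDDL (the `channelAccess` value printed by `wevtutil gl Security`) grants to `S-1-5-32-573`, the Event Log Readers group. The following is an added example, not code from this thread: it parses such a string and walks the DACL in order for the read bit. The two SDDL strings and the account SID are constructed sample values, and only numeric access masks are handled.

```python
import re

READ = 0x1  # event log channel access bits: 0x1 read, 0x2 write, 0x4 clear

# SDDL aliases for the well-known SIDs that show up in channel ACLs.
ALIASES = {
    "SY": "S-1-5-18",      # Local System
    "BA": "S-1-5-32-544",  # BUILTIN\Administrators
    "NS": "S-1-5-20",      # NETWORK SERVICE
    "ER": "S-1-5-32-573",  # BUILTIN\Event Log Readers
}
READERS = ALIASES["ER"]

def parse_dacl(sddl):
    """Return [(ace_type, mask, sid), ...] for the D: part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;sid
        ace_type, _flags, rights, _og, _ig, sid = body.split(";")[:6]
        # int(x, 0) accepts 0x.. and decimal; mnemonic rights raise ValueError
        aces.append((ace_type, int(rights, 0), ALIASES.get(sid, sid)))
    return aces

def can_read(sddl, token_sids):
    """Ordered DACL walk for READ: the first matching ACE that covers it decides."""
    for ace_type, mask, sid in parse_dacl(sddl):
        if sid not in token_sids or not mask & READ:
            continue
        if ace_type == "D":
            return False
        if ace_type == "A":
            return True
    return False  # no ACE granted READ to any SID in the token

# Constructed samples: one ACL with an Event Log Readers ACE, one without.
WITH_READERS = "O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)"
WITHOUT_READERS = "O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)"
ACCOUNT = "S-1-5-21-1111-2222-3333-1105"  # constructed SID for the reading account

if __name__ == "__main__":
    for name, sddl in (("with ER ACE", WITH_READERS), ("without ER ACE", WITHOUT_READERS)):
        for token in ({ACCOUNT}, {ACCOUNT, READERS}):
            print(name, sorted(token), "->", can_read(sddl, token))
```

Group membership only helps when the channel's ACL actually carries an allow ACE for the group, which is why the last combination (member of Event Log Readers, but no ACE for it) still reports no read access.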
