Cannot get GPO addition GPO objects to appear in Local or Domain GPOs

Chris Kerr 1 Reputation point
2022-04-05T11:12:43.197+00:00

Hi, I am running Win 10 20H2 and Server 2016 and 2012 DCs in an AD forest with a couple of child domains.

It has been requested of me to lock down the App, Sys, and Sec logs from some specific Admin accounts.

I have been trying to add these entries below into Sceregvl.inf and run the regsvr32 scecli.dll as documented in the article in Link 1 below, and the objects do not show up in Domain GPO or Local GPO. I have also added the Registry entries manually with the correct SDDL in the string. I have also tried adding the statement in the INF file as described in Link 2. I cannot get it to work.

Am I missing something?

Chris

CKMACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD,1,%AppLogSD%,2

MACHINE\System\CurrentControlSet\Services\Eventlog\Security\CustomSD,1,%SecLogSD%,2

MACHINE\System\CurrentControlSet\Services\Eventlog\System\CustomSD,1,%SysLogSD%,2

and then insert the following lines:

AppLogSD="Event log: Specify the security of the application log in Security Descriptor Definition Language (SDDL) syntax"

SecLogSD="Event log: Specify the security of the Security log in Security Descriptor Definition Language (SDDL) syntax"

SysLogSD="Event log: Specify the security of the System log in Security Descriptor Definition Language (SDDL) syntax"

Link 1
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/set-event-log-security-locally-or-via-group-policy

Link 2
A Group Policy setting isn't available in the security policy settings list - Windows Server | Microsoft Learn
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/default-owner-objects-created-members-administrators-group-not-available
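
A small linter for `[Register Registry Values]` lines like the ones quoted in the question, as an added example that is not part of the original thread or of Microsoft's articles: it checks each entry's field values and that every `%Token%` display name has a matching `[Strings]` definition. The sample INF text, the function names and the rule that value paths start with `MACHINE\` are assumptions made for illustration.

```python
import re

# RegType and DisplayType values, per the syntax comment at the top of sceregvl.inf.
REG_TYPES = {1, 2, 3, 4, 7}         # REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ
DISPLAY_TYPES = {0, 1, 2, 3, 4, 5}  # boolean, number, string, choices, multivalued, bitmask

# Constructed sample: entry 2 has no [Strings] definition, entry 3 uses the wrong root.
SAMPLE = r"""
[Register Registry Values]
MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD,1,%AppLogSD%,2
MACHINE\System\CurrentControlSet\Services\Eventlog\Security\CustomSD,1,%SecLogSD%,2
HKLM\System\CurrentControlSet\Services\Eventlog\System\CustomSD,1,%SysLogSD%,2
[Strings]
AppLogSD="Event log: application log SDDL"
SysLogSD="Event log: System log SDDL"
"""

def parse_sections(text):
    """Split INF text into {lower-cased section name: [non-comment lines]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif line and not line.startswith(";") and current is not None:
            current.append(line)
    return sections

def lint_sceregvl(text):
    """Return (entry, problem) pairs for the [Register Registry Values] section."""
    sections = parse_sections(text)
    strings = {l.split("=", 1)[0].strip().lower() for l in sections.get("strings", []) if "=" in l}
    problems = []
    for entry in sections.get("register registry values", []):
        # Pad so a short line reports bad fields instead of raising.
        fields = [f.strip() for f in entry.split(",")] + [""] * 4
        path, reg_type, display, disp_type = fields[:4]
        token = re.fullmatch(r"%(.+)%", display)
        checks = [
            # Assumption: value entries use the MACHINE\ root, as most of the page's lines do.
            (path.upper().startswith("MACHINE\\"), "path must start with MACHINE\\"),
            (reg_type.isdigit() and int(reg_type) in REG_TYPES, "unknown RegType " + reg_type),
            (disp_type.isdigit() and int(disp_type) in DISPLAY_TYPES, "unknown DisplayType " + disp_type),
            (not token or token.group(1).lower() in strings, "no [Strings] entry for " + display),
        ]
        problems += [(entry, msg) for ok, msg in checks if not ok]
    return problems

if __name__ == "__main__":
    for entry, msg in lint_sceregvl(SAMPLE):
        print(msg, "->", entry)
```

Run it against a copy of the edited Sceregvl.inf before re-registering scecli.dll; an empty result means the entries are at least syntactically consistent.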


1 answer

  1. DonPick 1,256 Reputation points
    2022-04-06T20:56:27.04+00:00

    Hi, are you using the first part of the article (that is the recommended modern method):
    https://learn.microsoft.com/en-AU/troubleshoot/windows-server/group-policy/set-event-log-security-locally-or-via-group-policy#summary
    (the follow-on methods after the summary section in the article are older, e.g. for WS2003)
