Cannot get GPO addition GPO objects to appear in Local or Domain GPOs

Chris Kerr 1 Reputation point

Hi I am running Win 10 20h2 and Server 2016 and 2012 DCc in a AD forest with a couple of child domains.

It has been requested of me to lock down the App, Sys, and Sec, Logs from some specific Admin accounts.

I have been trying to add these entries below into Sceregvl.inf and run the regsvr32 scecli.dll as documented in the article in LInk 1 below and the objects do not show up in Domain GPO or Local GPO. I have also added the Registry entries manually with the correct SDDL in the string. I have also tried adding the statement in the INF file as described in Link2 I cannot get it to work.

Am i missing something?





and then insert the following lines:

AppLogSD="Event log: Specify the security of the application log in Security Descriptor Definition Language (SDDL) syntax"

SecLogSD="Event log: Specify the security of the Security log in Security Descriptor Definition Language (SDDL) syntax"

SysLogSD="Event log: Specify the security of the System log in Security Descriptor Definition Language (SDDL) syntax"Link 1

Link 1 2A Group Policy setting isn't available in the security policy settings list - Windows Server | Microsoft Learn

Link 2

Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,151 questions
{count} votes

1 answer

Sort by: Most helpful
  1. DonPick 1,256 Reputation points

    Hi, are you using the first part of the article (that is the recommended modern method):
    (the follow-on methods after the summary section in the article are older eg for WS2003)