Next Topic

Previous Topic

Book Contents

Event log monitor

By default, everyone can read the eventlog, except the Security eventlog. To read the Security eventlog the user must be a member of the administrator group. Access to different event logs are controlled by this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog

You can edit the permissions of this registry key to limit or grant access to the remote eventlog.