The default permissions on the Application and System event log allow Everyone, including guests to view these logs.

To restrict guest access, use Regedt32 to navigate to:


Add Value name RestrictGuestAccess as a type REG_DWORD and set the value to 1 (Restricted). The default is 0 (allow guest access).

Change the security on HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\<LogName> to allow only Administrators and System to have Full Control.

NOTE: The Security log is only viewable by users who have the Manage Audit Logs right.