When you attempt to access one of the following event logs on a Windows Server 2003 computer, you receive a message similar to:

Unable to complete the operation on <event log>. Access is denied.

The affected event logs are:

Application
Directory Service
DNS Server
File Replication Service
System

This behavior will occur if the Domain Users group is a member of the built-in Guests group.

I have scripted AllowLogAccess.bat to resolve this problem.

To use AllowLogAccess.bat:

1. Log on to the Windows Server 2003 computer with administrative privileges.

2. Open a CMD.EXE window.

3. Type AllowLogAccess and press Enter.

AllowLogAccess.bat works by first determining if the Windows Server 2003 computer is a domain controller. If it is a domain controller, it removes the Domain Users group from the built-in Guests group. If the server is NOT a domain controller, it sets the RestrictGuestAccess Value Name to 0 for the Application, System, and DNS Server event logs.

AllowLogAccess.bat contains:

@echo off
setlocal
rem Build the pipeline: list the domain's DCs, keep the "Site:" lines, match this computer's name.
set test=nltest /dclist:%USERDNSDOMAIN%
set fnd1=Findstr /C:"Site:"
set fnd2=Find /I "%ComputerName%"
rem dc stays N unless this computer appears in the DC list.
set dc=N
for /f "Tokens=1 Delims=. " %%d in ('%test%^|%fnd1%^|%fnd2%') do (
 set dc=Y
)
if "%dc%" EQU "N" goto server
rem Domain controller: remove Domain Users from the built-in Guests group.
@echo net localgroup Guests "Domain Users" /delete
net localgroup Guests "Domain Users" /delete
endlocal
goto :EOF
:server
rem Not a domain controller: set RestrictGuestAccess to 0 on three event logs.
set key=HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
@echo reg add "%key%\Application" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
reg add "%key%\Application" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
@echo.
@echo reg add "%key%\System" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
reg add "%key%\System" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
@echo.
@echo reg add "%key%\DNS Server" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
reg add "%key%\DNS Server" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
endlocal
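
To see which condition applies before running AllowLogAccess.bat, and to confirm the result afterwards, the two settings it touches can be inspected without changing anything. The following read-only check is an added example, not part of the original script; the file name CheckLogAccess.bat is hypothetical, and it assumes the registry key names for Directory Service and File Replication Service match the log names listed above.

```batch
@echo off
rem CheckLogAccess.bat (hypothetical name) - added example, read-only.
rem Reports Guests membership of Domain Users and the RestrictGuestAccess
rem value of each event log named in this tip. Makes no changes.
setlocal
set key=HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

echo === Built-in Guests group ===
net localgroup Guests | find /I "Domain Users" >nul
if errorlevel 1 (
 echo Domain Users is NOT a member of Guests.
) else (
 echo Domain Users IS a member of Guests.
)

echo.
echo === RestrictGuestAccess per event log ===
for %%L in ("Application" "Directory Service" "DNS Server" "File Replication Service" "System") do call :check %%L
endlocal
goto :EOF

:check
rem %~1 is the log name with its surrounding quotes removed.
set val=
for /f "tokens=3" %%v in ('reg query "%key%\%~1" /v RestrictGuestAccess 2^>nul ^| find /I "RestrictGuestAccess"') do set val=%%v
if not defined val (
 echo [%~1] RestrictGuestAccess is not set
 goto :EOF
)
if "%val%"=="0x0" (
 echo [%~1] RestrictGuestAccess = %val% - the value AllowLogAccess.bat writes
) else (
 echo [%~1] RestrictGuestAccess = %val%
)
goto :EOF
```

Run it from the same CMD.EXE window used for AllowLogAccess.bat and compare the output before and after.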