When you attempt to access one of the event logs listed below on a Windows Server 2003 computer, you receive a message similar to:

Unable to complete the operation on <event log>. Access is denied.

The affected event logs are:

Application
Directory Service
DNS Server
File Replication Service
System

This behavior will occur if the Domain Users group is a member of the built-in Guests group.

I have scripted AllowLogAccess.bat to resolve this problem.

To use AllowLogAccess.bat:

1. Log on to the Windows Server 2003 computer with administrative privileges.

2. Open a CMD.EXE window.

3. Type AllowLogAccess and press Enter.

AllowLogAccess.bat works by first determining whether the Windows Server 2003 computer is a domain controller. If it is a domain controller, it removes the Domain Users group from the built-in Guests group. If the server is NOT a domain controller, it sets the RestrictGuestAccess Value Name to 0 for the Application, System, and DNS Server event logs.

AllowLogAccess.bat contains:

    @echo off
    setlocal
    REM Build the pipeline that looks for this computer in the domain's DC list.
    set test=nltest /dclist:%USERDNSDOMAIN%
    set fnd1=Findstr /C:"Site:"
    set fnd2=Find /I "%ComputerName%"
    set dc=N
    REM Any matching line means this computer is a domain controller.
    for /f "Tokens=1 Delims=. " %%d in ('%test%^|%fnd1%^|%fnd2%') do (
     set dc=Y
    )
    if "%dc%" EQU "N" goto server
    REM Domain controller: remove Domain Users from the built-in Guests group.
    @echo net localgroup Guests "Domain Users" /delete
    net localgroup Guests "Domain Users" /delete
    endlocal
    goto :EOF
    :server
    REM Not a domain controller: set RestrictGuestAccess to 0 on each log.
    set key=HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
    @echo reg add "%key%\Application" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
    reg add "%key%\Application" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
    @echo.
    @echo reg add "%key%\System" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
    reg add "%key%\System" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
    @echo.
    @echo reg add "%key%\DNS Server" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
    reg add "%key%\DNS Server" /V RestrictGuestAccess /T REG_DWORD /D 0 /F
    endlocal
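
To confirm the cause before running AllowLogAccess.bat, and to record the existing settings so the change can be reverted, the following read-only check can be used. It is an added example, not part of AllowLogAccess.bat; the file name CheckLogAccess.bat and the :show label are hypothetical, and it changes nothing on the computer.

```batch
@echo off
REM CheckLogAccess.bat (hypothetical name): added example, read-only.
setlocal
set key=HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

REM 1. Is Domain Users a member of the built-in Guests group?
net localgroup Guests | findstr /I /C:"Domain Users" >nul
if errorlevel 1 (
  echo Guests group: Domain Users is NOT a member
) else (
  echo Guests group: Domain Users IS a member
)

REM 2. Show the current RestrictGuestAccess value for each event log
REM    that AllowLogAccess.bat modifies on a non-domain-controller.
for %%L in ("Application" "System" "DNS Server") do call :show %%L
endlocal
goto :EOF

:show
REM %~1 is the log name with its surrounding quotes removed.
echo [%~1]
reg query "%key%\%~1" /v RestrictGuestAccess 2>nul | findstr /I "RestrictGuestAccess"
if errorlevel 1 echo   RestrictGuestAccess is not set, or this log key is not present
goto :EOF
```

Run it once before and once after AllowLogAccess.bat and keep the first output: it shows which values to restore if guest access to these logs needs to be restricted again.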