Organizations are rapidly adopting a remote work model, and IT admins are hit hardest: they must monitor the network rigorously from home to give users a secure working environment.
The monitoring can be done using native tools by remotely accessing event logs on users' computers. However, while accessing event logs through Event Viewer, administrators often get this error:
"Error 5: Access is denied"
This article discusses the causes of this error and the ways to resolve it.
Causes:
- The Microsoft network client: Digitally sign communications (always) option in Group Policy settings is enabled on the remote computer. See "Solution for cause 1" for the steps to disable this setting.
- The LOCAL SERVICE account does not have permissions to access the registry or the Event Viewer on the remote computer. This can happen if the remote computer was upgraded from Microsoft Windows 2000 to Windows XP Professional. See "Solution for cause 2" to resolve this issue.
- The user trying to access the event logs is a member of the Guest group or the domain Guest group. In such a case, the user cannot access the event logs remotely if the machine to be accessed is a Windows Server 2003 or Windows 2000-based computer. To resolve this error, see "Solution for cause 3".
Solution for cause 1:
- On the computer whose logs need to be accessed, open Group Policy Editor by entering gpedit.msc in the Run window.
- Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
- Double-click on Microsoft network client: Digitally sign communications (always) and select Disabled.
- Click OK to save the changes.
- Open Command Prompt and run the command gpupdate /force. This command updates the local group policies as well as domain group policies.
Solution for cause 2:
- On the computer whose logs need to be accessed, open Registry Editor by entering regedit in the Run window.
- Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> SecurePipeServers.
- Right-click winreg and select Permissions.
- Click Add.
- Type the name of the user or group that requires access to the event viewer logs on your computer. Click OK.
- For the selected user/group, check the box for Allow next to Read in the Permissions for <groupname> list.
- Click Apply and restart your computer for the changes to take effect.
Solution for cause 3:
- Open Microsoft Management Console by entering mmc in the Run window.
- Under the File menu, click Add/Remove snap-in.
- Click Add and then select Group Policy Object Editor.
- Browse for Default Domain Policy. Click OK and then Finish.
- Click Close and then click OK.
- In the left pane of the console, navigate to Default Domain Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Event Log -> Settings for Event Logs.
- Double-click Restrict guest access to application log, clear the Define this policy setting checkbox, and then click OK.
- Repeat step 7 for Restrict guest access to security log and Restrict guest access to system log.
- Open the Registry Editor by entering regedit in the Run window.
- Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> EventLog. Select Application.
- Under the Edit menu, select New and then click DWORD (32-bit) Value.
- Type the name as "RestrictGuestAccess" and press Enter.
- Double-click RestrictGuestAccess. In the Value data box, enter value as 1 and click OK.
- Repeat steps 12-14 for the Security and System logs under EventLog.
You could try the above troubleshooting tips to resolve the issue.
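To see which of the three causes applies before changing anything, the settings involved can be read in one pass. This is an added example, not part of the original article; it is run in an elevated PowerShell session on the computer whose logs need to be accessed. The `RequireSecuritySignature` value under `LanmanWorkstation\Parameters` does not appear in the article: it is the registry value behind the Group Policy setting in cause 1. The function name `Get-SettingValue` is hypothetical.

```powershell
# Read-only check of the three settings this article changes. Nothing is modified.
$ErrorActionPreference = 'Stop'

function Get-SettingValue {
    param([string]$Path, [string]$Name)
    # Return the registry value, or 'not set' when the key or value is absent.
    try   { (Get-ItemProperty -Path $Path -Name $Name).$Name }
    catch { 'not set' }
}

$base = 'HKLM:\SYSTEM\CurrentControlSet'

# Cause 1: "Microsoft network client: Digitally sign communications (always)".
# RequireSecuritySignature = 1 means the setting is enabled (value name not from the article).
[pscustomobject]@{
    Cause = 1
    Item  = 'LanmanWorkstation RequireSecuritySignature'
    Value = Get-SettingValue "$base\Services\LanmanWorkstation\Parameters" 'RequireSecuritySignature'
}

# Cause 2: which accounts hold which rights on the winreg key.
$winreg = "$base\Control\SecurePipeServers\winreg"
if (Test-Path -Path $winreg) {
    foreach ($ace in (Get-Acl -Path $winreg).Access) {
        [pscustomobject]@{
            Cause = 2
            Item  = "winreg ACL: $($ace.IdentityReference.Value)"
            Value = "$($ace.AccessControlType) $($ace.RegistryRights)"
        }
    }
} else {
    [pscustomobject]@{ Cause = 2; Item = 'winreg key'; Value = 'not present' }
}

# Cause 3: RestrictGuestAccess under each of the three logs.
foreach ($log in 'Application', 'Security', 'System') {
    [pscustomobject]@{
        Cause = 3
        Item  = "EventLog\$log RestrictGuestAccess"
        Value = Get-SettingValue "$base\Services\EventLog\$log" 'RestrictGuestAccess'
    }
}
```

Saving this output before applying a fix also records the values to restore if the change turns out not to be the cause.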
It must be kept in mind that using native tools for log handling becomes a tedious process in the long run, resulting in labour costs, performance degradation and compliance issues. Thankfully, there are solutions that make the job easier for you by centrally managing the logs from your network, while implementing compliance measures.
EventLog Analyzer is a comprehensive log management solution that helps you remotely collect, analyze, correlate, search through log data, generate reports, and raise real-time alerts—all with just a few clicks. Try EventLog Analyzer now.