Ali's Knowledge Base

Windows automatically limits access to the Security log to only those users who have the Manage auditing and security log user right. However, guests can access the System and Application logs. To disable guest access to these logs, open a Group Policy Object (GPO), go to ComputerConfigurationWindows SettingsSecurity SettingsEvent LogSettings for Event Logs, and enable Restrict guest access to system log and Restrict guest access to application. In Windows Server 2003 and Windows XP, these policies are named Prevent local guests group from accessing system log and Prevent local guests group from accessing application log, respectively. Other users will still be able to view these logs provided they possess the Access this computer from the network user right. Windows doesn’t offer a more granular way to control access to the logs.