Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1676
  • Last Modified:

Error when reading Event viewer security log

While logged in on W2K server w/Exchange 2k installed and working fine, all of a sudden I am unable to view my Security Log in event viewer.  All other logs are fine.

I receive a message "unable to complete the operation on "Security Log"
"A required privilege is required by the client"

What does this mean?  I trying logging on as administrator or exch admin and get the same message.  thanks.
0
jlagasse
Asked:
jlagasse
1 Solution
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
One possibility:

http://support.microsoft.com/?kbid=272587
This behavior can occur if the Administrators group has been removed from the "Backup Files and Directories" user right.
0
 
oBdACommented:
Another thing to look at: Start secpol.msc, go to Local Policies\User Rights Assignment; make sure the Administrators group is still listed under under "Manage auditing and security log" (by default this is the only group that has this right).
0
 
jlagasseAuthor Commented:
I took a look at that and the Administrators Group is correctly set.  Admin group also has rights to "Backup Files and Directories".  Why would this suddenly occur?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
I see it fairly often when I log in as an administrator of a trusted domain, but not as an account which is defined explictly as the administrator on the machine I'm administring.  That probably doesn't help you though.

Something had to have changed... make certain your admin account is still actually a member of the admin group.  Check to see if it is a member of any OTHER groups, and make certain the other groups aren't denied permissions.

Make certain you still have permissions to c:\windows\system32\config.

Make certain the SecEvent.evt file isn't corrupt.  (I.e. Disable event log service, reboot, rename the file, reenable the event log service, reboot.)  See if you can see the Security Event Log now...
0
 
CCNICommented:
I had this same problem and found the resolution here.  You're gonna laugh at yourself like I did to myself.

Take "GUESTS" out of the members of list.  

Guests don't have rights to the event logs

:-)
0
 
jlagasseAuthor Commented:
What lists?  I am able to see all other event logs except Security.  Thanks.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now