Solved

Error when reading Event viewer security log

Posted on 2004-03-30
6
1,671 Views
Last Modified: 2007-12-19
While logged in on W2K server w/Exchange 2k installed and working fine, all of a sudden I am unable to view my Security Log in event viewer.  All other logs are fine.

I receive a message "unable to complete the operation on "Security Log"
"A required privilege is required by the client"

What does this mean?  I trying logging on as administrator or exch admin and get the same message.  thanks.
0
Comment
Question by:jlagasse
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 10714947
One possibility:

http://support.microsoft.com/?kbid=272587
This behavior can occur if the Administrators group has been removed from the "Backup Files and Directories" user right.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 10715815
Another thing to look at: Start secpol.msc, go to Local Policies\User Rights Assignment; make sure the Administrators group is still listed under under "Manage auditing and security log" (by default this is the only group that has this right).
0
 

Author Comment

by:jlagasse
ID: 10716293
I took a look at that and the Administrators Group is correctly set.  Admin group also has rights to "Backup Files and Directories".  Why would this suddenly occur?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 30

Accepted Solution

by:
Rich Weissler earned 125 total points
ID: 10717132
I see it fairly often when I log in as an administrator of a trusted domain, but not as an account which is defined explictly as the administrator on the machine I'm administring.  That probably doesn't help you though.

Something had to have changed... make certain your admin account is still actually a member of the admin group.  Check to see if it is a member of any OTHER groups, and make certain the other groups aren't denied permissions.

Make certain you still have permissions to c:\windows\system32\config.

Make certain the SecEvent.evt file isn't corrupt.  (I.e. Disable event log service, reboot, rename the file, reenable the event log service, reboot.)  See if you can see the Security Event Log now...
0
 

Expert Comment

by:CCNI
ID: 10883021
I had this same problem and found the resolution here.  You're gonna laugh at yourself like I did to myself.

Take "GUESTS" out of the members of list.  

Guests don't have rights to the event logs

:-)
0
 

Author Comment

by:jlagasse
ID: 10884123
What lists?  I am able to see all other event logs except Security.  Thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question