  • Status: Solved

How to stop a user from clearing the event logs??

Is there a GPO that you can enable that will stop a user from clearing the Event Viewer logs?
0
stressedout2004
Asked:
 
Nzarth Commented:
I would go the whole way and not give them access to the Control Panel and also bar them from using the Run command via GPO.
0
 
Rant32 Commented:
Users can't clear the Event viewer logs, but workstation Administrators can.

There is a GPO in User Rights Assignment that says "Manage auditing and security logs" where you can remove the BUILTIN\Administrators group from tampering with the Security log, but that doesn't affect the Application and System logs.

Only one piece of sound advice I can give: don't let users log on to their clients as Administrator.
0
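
An added example (not part of Rant32's post) showing how to check which accounts currently hold the "Manage auditing and security log" right, whose internal name is SeSecurityPrivilege, by parsing a `secedit` user-rights export. The function name `Get-UserRightHolder` is hypothetical and the INF text is a constructed sample.

```powershell
# On a live machine (elevated prompt) produce the input with:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $inf = Get-Content "$env:TEMP\rights.inf"

# Constructed sample of a secedit export (not taken from a real host)
$inf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

function Get-UserRightHolder {   # hypothetical helper name
    param(
        [string[]]$InfLines,
        [string]$Right = 'SeSecurityPrivilege'
    )
    $inSection = $false
    foreach ($line in $InfLines) {
        # Track which INF section we are in; only [Privilege Rights] matters
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection) { continue }
        if ($line -notmatch "^\s*$([regex]::Escape($Right))\s*=\s*(.*)$") { continue }
        foreach ($entry in ($Matches[1] -split ',')) {
            $id = $entry.Trim()
            if (-not $id) { continue }
            if ($id.StartsWith('*')) {
                # Entries prefixed with * are SIDs; try to resolve them to names
                $sid = $id.Substring(1)
                try {
                    $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch { $name = '(unresolved)' }
                [pscustomobject]@{ Right = $Right; Sid = $sid; Account = $name }
            } else {
                # Entries without * are already account names
                [pscustomobject]@{ Right = $Right; Sid = $null; Account = $id }
            }
        }
    }
}

Get-UserRightHolder -InfLines $inf | Format-Table -AutoSize
```

Running it before and after the GPO change shows whether BUILTIN\Administrators (S-1-5-32-544) has actually been removed from the right on a given client.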
 
Jay_Jay70 Commented:
Hi stressedout2004,

USER config\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Event Viewer  (D)

I'm not 100% sure on that as it is for MMC snap-ins, but it should by rights block off viewing the Event Viewer - just have to test it I guess, as I can't at the moment for you.

Cheers!
0
 
Rant32 Commented:
The above restriction works fine for the MMC snap-in, but Event Viewer can still be accessed from Computer Management.

So, you'll also have to restrict Computer Management for this to work.

Good call James.
0
 
Jay_Jay70 Commented:
Ahh, I am glad you could clarify for me as I am at home and the powerboard on my test system at work died - half my luck

Cheers Rant
0
 
stressedout2004 (Author) Commented:
Hi Rant32
"There is a GPO in User Rights Assignment that says "Manage auditing and security logs""

Where is this found??? I'm looking in Group Policy
0
 
Rant32 Commented:
Computer > Windows Settings > Local Policies > User rights assignment
0
 
stressedout2004 (Author) Commented:
Thank you so much
0
 
Jay_Jay70 Commented:
Glad it's sorted
0
