How to stop a user from clearing the vent logs??

I would go the whole way and do not give them access to the Control Panel and also bar them from using the Run command via GPO.

Users can't clear the Event viewer logs, but workstation Administrators can.

There is a GPO in User Rights Assignment that says "Manage auditing and security logs" where you can remove the BUILTIN\Administrators group from tampering with the Security log, but that doesn't affect the Application and System logs.

Only one sound advice I can give: don't let users log on to their clients as Administrator.

Hi stressedout2004,

USER config\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Event Viewer  (D)

im not 100% sure on that as it is for mmc snap ins but it should by rights block off viewing the event viewer - just have to test it i guess as i cant at the moment for you

Cheers!

The above restriction works fine for the MMC snap-in, but Event Viewer can still be accessed from Computer Management.

So, you'll also have to restrict Computer Management for this to work.

Good call James.

ahh I am glad you could clarify for me as i am at home and the powerboard on my test system at work died - half my luck

Cheers Rant

Hi Rant32
There is a GPO in User Rights Assignment that says "Manage auditing and security logs"

Where is this found??? Im looking in group policy

Thank you so much

glad its sorted