How to stop a user from clearing the vent logs??

Is their a GPO that you can enable that will stop a user from clearing the event viewer logs?
LVL 9
stressedout2004Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NzarthCommented:
I would go the whole way and do not give them access to the Control Panel and also bar them from using the Run command via GPO.
0
Rant32Commented:
Users can't clear the Event viewer logs, but workstation Administrators can.

There is a GPO in User Rights Assignment that says "Manage auditing and security logs" where you can remove the BUILTIN\Administrators group from tampering with the Security log, but that doesn't affect the Application and System logs.

Only one sound advice I can give: don't let users log on to their clients as Administrator.
0
Jay_Jay70Commented:
Hi stressedout2004,

USER config\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Event Viewer  (D)

im not 100% sure on that as it is for mmc snap ins but it should by rights block off viewing the event viewer - just have to test it i guess as i cant at the moment for you

Cheers!
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Rant32Commented:
The above restriction works fine for the MMC snap-in, but Event Viewer can still be accessed from Computer Management.

So, you'll also have to restrict Computer Management for this to work.

Good call James.
0
Jay_Jay70Commented:
ahh I am glad you could clarify for me as i am at home and the powerboard on my test system at work died - half my luck

Cheers Rant
0
stressedout2004Author Commented:
Hi Rant32
There is a GPO in User Rights Assignment that says "Manage auditing and security logs"

Where is this found??? Im looking in group policy
0
Rant32Commented:
Computer > Windows Settings > Local Policies > User rights assignment
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
stressedout2004Author Commented:
Thank you so much
0
Jay_Jay70Commented:
glad its sorted
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.