• Status: Solved
  • Priority: Medium
  • Security: Public

Access is denied error when Domain Admins open event viewer through the MMC.

No administrators can open the event viewer remotely for any computer or server through the MMC console.  I am a member of the Domain Admins and Enterprise Admins groups.  This all of a sudden started happening.  No new policies or upgrades were pushed to the servers.  Domain Admins are not members of the Domain Guests group.  They are also part of the User Rights Assignment policy for "manage auditing and security logs".  This one has really stumped me, as we have 3 network classifications and all have the same policies and patches being pushed to them, but only this network has the issue.
Asked by: mike926
1 Solution
 
t_hewlett Commented:
Is the "Remote Registry Service" started on the machines affected?
By default it should be, but this would be worth checking on the remote machines. If the service is stopped then there may be a policy setting somewhere that has been changed. Are all the Admin and service accounts secure, or has one been abused by someone?
If this is not the case, is there any error logged in the remote machines' event logs? Are there any more details you can get from the event logs? I guess when accessed locally the machines are fine and the files/logs can be viewed as per normal?
0
 
mike926 (Author) Commented:
The Remote Registry is started on all machines.  All is fine when accessing locally on the servers and there were absolutely no yellow or red errors in any of the logs to indicate a problem.  Also, when managing the server through ADUC I can access everything like services, and local users and groups, but only the event viewer gets an error.
0
 
dreamyguy Commented:
Is this happening on all of the machines? Go to the machine whose event logs you're trying to connect to remotely and see if the "Local service" account has read permissions to this key.

HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg

0
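A read-only check of that key's ACL for the "Local Service" account, as an added example that is not part of any poster's comment. The function name `Test-WinregLocalServiceRead` is hypothetical; it is meant to be run elevated on the machine whose logs cannot be opened remotely, and it only inspects ACEs that name Local Service directly.

```powershell
# Added example (not from the thread). Reads the ACL only; changes nothing.
function Test-WinregLocalServiceRead {
    param(
        # Key named in the comment above.
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg'
    )

    # S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE.
    # Matching on the SID avoids localized account names.
    $localServiceSid = 'S-1-5-19'
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey

    $acl = Get-Acl -Path $KeyPath
    # Ask for explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    $allowRead = $false
    $denyRead  = $false
    $matched   = @()

    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $localServiceSid) { continue }
        $matched += $rule
        $overlap = [int]($rule.RegistryRights -band $readKey)
        if ($rule.AccessControlType -eq 'Allow' -and $overlap -eq [int]$readKey) {
            $allowRead = $true      # ACE grants the full ReadKey set
        }
        if ($rule.AccessControlType -eq 'Deny' -and $overlap -ne 0) {
            $denyRead = $true       # any denied read bit blocks the read
        }
    }

    [pscustomobject]@{
        Key               = $KeyPath
        LocalServiceAces  = $matched.Count
        AllowsRead        = $allowRead
        DeniesRead        = $denyRead
        # Effective only with respect to ACEs naming Local Service itself;
        # access granted through groups is not evaluated here.
        ReadGrantedDirect = ($allowRead -and -not $denyRead)
    }
}

Test-WinregLocalServiceRead | Format-List
```

A result of `LocalServiceAces : 0` matches the situation described in the thread, where the Local Service entry had been removed from the key by a hardening policy.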
 
dreamyguy Commented:
Also run a regmon on the machine on which you're getting access denied errors and see if there are any other keys on which we're getting access denied error messages.
0
 
mike926 (Author) Commented:
Wow... That's what it was.  I forgot that we had to set certain permissions for that registry key because of certain policies by DoD.  After adding Local Service back I was able to access the event viewer.  It's weird though, because I implemented that policy weeks before it actually started happening but it didn't kick in until recently.  Either way, we now know what caused it.  I appreciate your help.
0
 
dreamyguy Commented:
That's awesome! It's good to hear that that did the trick for you ;)
0
 
AdamJur Commented:
In the Built-In OU, are the domain admins part of the built-in\ADMINISTRATORS group?
0
