Solved

Can a Windows 2003 Server Event Log File be changed

Posted on 2010-08-24
Last Modified: 2013-12-04
We are trying to find out what or who activated a service process on a server, and a key log file entry is missing. I recreated the event on a test server by starting the service, and it generates an event log entry with my name on it. Can the .evt file be opened and changed, then replaced?
Question by:brent4257
4 Comments
 
LVL 3

Accepted Solution

by:
superggg earned 2000 total points
ID: 33511842
Yes.
To do this you must disable the event log service from running at boot, reboot, then edit the file (un-attribing it, then using Notepad or Word). Then re-enable the event log service and reboot again.
 
0
 
LVL 3

Expert Comment

by:superggg
ID: 33511855
The log files are located in Windows\System32\config
 
 
0
 
LVL 3

Expert Comment

by:superggg
ID: 33511965
Also a handy little utility
http://www.ntsecurity.nu/toolbox/winzapper/
 
 
0
 
LVL 1

Author Comment

by:brent4257
ID: 33512164
OK, I suspected it could be done. Now the question is how to prevent this from happening. Thanks.
0
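One check a defender can run on a copy of a collected .evt file, given that the thread establishes the file can be edited offline: walk the records and flag missing record numbers or write times that run backwards. This is an added example, not part of the original thread; it assumes the EVENTLOGRECORD layout documented by Microsoft, the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

SIG = b"LfLe"                       # EVENTLOGRECORD.Reserved marker
HEAD = struct.Struct("<I4sIIII")    # Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID
FIXED_LEN = 56                      # size of the fixed part of EVENTLOGRECORD

def parse_records(buf):
    """Return (record_number, time_written, event_id) for every valid record in buf."""
    records = []
    pos = buf.find(SIG)
    while pos != -1:
        start = pos - 4             # Length is the DWORD just before the marker
        if start >= 0 and start + HEAD.size <= len(buf):
            length, _, recno, _gen, written, event_id = HEAD.unpack_from(buf, start)
            end = start + length
            # The 48-byte file header also carries the marker; real records are
            # longer than the 56-byte fixed part and repeat Length as their final DWORD.
            if length >= FIXED_LEN + 4 and end <= len(buf) \
                    and struct.unpack_from("<I", buf, end - 4)[0] == length:
                records.append((recno, written, event_id))
        pos = buf.find(SIG, pos + 4)
    return records

def find_anomalies(records):
    """Flag missing record numbers and write times that run backwards."""
    findings = []
    ordered = sorted(records)       # by record number, so a wrapped log still lines up
    for (n1, t1, _), (n2, t2, _) in zip(ordered, ordered[1:]):
        if n2 - n1 > 1:
            findings.append(("gap", n1 + 1, n2 - 1))
        if t2 < t1:
            findings.append(("time_reversal", n1, n2))
    return findings

def make_record(recno, written, event_id=7035):
    """Constructed sample record: fixed part only, no strings, SID or data."""
    fixed = HEAD.pack(FIXED_LEN + 4, SIG, recno, written, written, event_id)
    return fixed.ljust(FIXED_LEN, b"\x00") + struct.pack("<I", FIXED_LEN + 4)

T0 = 1282600000                     # constructed timestamps, seconds since 1970
SAMPLE = b"".join(make_record(n, t) for n, t in
                  [(101, T0), (102, T0 + 10), (104, T0 + 30), (105, T0 + 25)])

if __name__ == "__main__":
    for finding in find_anomalies(parse_records(SAMPLE)):
        print(finding)
```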

Question has a verified solution.