Solved

Can a Windows 2003 Server Event Log File be changed

Posted on 2010-08-24
Last Modified: 2013-12-04
We are trying to find out what or who activated a service process on a server, and a key log file entry is missing. I recreated the event on a test server by starting the service, and it generates an event log with my name on it. Can the .evt file be opened and changed, then replaced?
Question by:brent4257
4 Comments
 
LVL 3

Accepted Solution

by:
superggg earned 500 total points
ID: 33511842
Yes.
To do this you must disable the event log service from running at boot, reboot, then edit the file (un-attribing it, then using Notepad or Word). Then re-enable the event log service and reboot again.
 
0
 
LVL 3

Expert Comment

by:superggg
ID: 33511855
The log files are located in Windows\System32\config
 
 
0
 
LVL 3

Expert Comment

by:superggg
ID: 33511965
Also a handy little utility
http://www.ntsecurity.nu/toolbox/winzapper/
 
 
0
 
LVL 1

Author Comment

by:brent4257
ID: 33512164
OK, I suspected it could be done; now the question is how to prevent this from happening. Thanks.
0
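
For the missing-entry case in the question, an added example (not part of the thread) that walks a legacy .evt image and reports jumps in the record-number sequence and TimeWritten values that go backwards. It assumes the documented classic layout (48-byte header, `LfLe` signature, 56-byte fixed record part, length repeated at the end of each record) and a non-wrapped log; the function names and the sample image are hypothetical and constructed.

```python
import struct

SIG = b"LfLe"                             # marks the file header and every record
HEADER = struct.Struct("<I4s10I")         # 48-byte ELF_LOGFILE_HEADER
REC_FIXED = struct.Struct("<I4sIIII")     # Length, sig, RecordNumber, TimeGenerated, TimeWritten, EventID
REC_MIN = 0x38 + 4                        # fixed part plus the trailing copy of Length
WRAPPED = 0x2                             # ELF_LOGFILE_HEADER_WRAP

def iter_records(blob):
    """Yield (record_number, time_written) in file order from a non-wrapped .evt image."""
    size, sig, *rest = HEADER.unpack_from(blob, 0)
    if size != HEADER.size or sig != SIG:
        raise ValueError("not a legacy .evt file")
    if rest[7] & WRAPPED:                 # rest[7] is the header Flags field
        raise ValueError("wrapped log: file order is not record order")
    off = HEADER.size
    while off + REC_MIN <= len(blob):
        length, rsig, num, _gen, written, _eid = REC_FIXED.unpack_from(blob, off)
        if rsig != SIG or length < REC_MIN or off + length > len(blob):
            break                         # EOF marker, slack space or damaged record
        if struct.unpack_from("<I", blob, off + length - 4)[0] != length:
            break                         # trailing length must repeat the leading one
        yield num, written
        off += length

def find_anomalies(blob):
    """Return record-number jumps and TimeWritten values that go backwards."""
    findings, prev = [], None
    for num, written in iter_records(blob):
        if prev and num != prev[0] + 1:
            findings.append(("record_gap", prev[0], num))
        if prev and written < prev[1]:
            findings.append(("time_regression", num, written))
        prev = (num, written)
    return findings

def build_sample(numbers_and_times, flags=0):
    """Constructed test image: header plus body-less records (not a real server log)."""
    body = b"".join(
        REC_FIXED.pack(REC_MIN, SIG, n, t, t, 7036).ljust(REC_MIN - 4, b"\0")
        + struct.pack("<I", REC_MIN)
        for n, t in numbers_and_times)
    end = HEADER.size + len(body)
    return HEADER.pack(HEADER.size, SIG, 1, 1, HEADER.size, end, 0, 0, 0x10000, flags, 0, HEADER.size) + body

SAMPLE = build_sample([(1, 1000), (2, 1010), (3, 1020), (5, 1040)])  # record 4 absent

if __name__ == "__main__":
    print(find_anomalies(SAMPLE))
```

A finding is a lead for investigation rather than proof, since a system clock change also produces a time regression, and a clean sequence does not show that the file is untouched.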

Question has a verified solution.