I'm trying to grant read access to the event logs of our Windows 2008 domain controller using the Event Log Reader built-in security group and Group Policy, according to
However, this is not working. At first I thought it was a firewall issue. I enabled inbound rule
"Remote Event Log Management (RPC)"
which did not fix it. My test user gets the following error when trying to access the event logs via the Event Viewer:
"Event Viewer cannot open the event log or custom view. Verify that Event Log
service is running or query is too long. Access is denied (5)"
The numerous references I've found to the "Event Log Readers" group don't mention any additional required steps. I've confirmed with the GPMC Group Policy Results wizard that the policy setting is getting set.
Does anyone know what the missing step(s) are I need to do?