troubleshooting Question

Cannot disable read access the Windows 7 security log

Avatar of mtz987
mtz987 asked on
SecurityWindows Server 2008Microsoft Server OS
6 Comments1 Solution171 ViewsLast Modified:
So we have some Windows 7 systems with some security requirements. I am trying to disable read access the security log. The command “wevtutil gl security” shows a result of the following:

channelAccess: O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x7;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x1;;;S-1-5-32-573)

From what little I know of these things, I am thinking that the “(A;;0x3;;;IU)” is giving interactive users read and write of the log (they cannot clear it)

What puzzles me is that the command

wevtutil sl security /ca:O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x7;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x1;;;S-1-5-32-573)

shows immediate results on our normal windows 7 PC’s, but it does NOTHING on the machines in question. The command runs, gives no error, but “wevtutil gl security” still shows the “(A;;0x3;;;IU)” in the channelAccess string.

What am I doing wrong?
ASKER CERTIFIED SOLUTION
Adam Brown
Cloud Security Consultant

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Top Expert 2010

The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.

Join our community to see this answer!
Unlock 1 Answer and 6 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros