locked
Event viewer - Security section not showing categories or descriptions on LOCAL system RRS feed

  • Question

  • I have a XP/SP3 system that has issues with the event viewer. Our auditor has brought to my attention that when she goes to event viewer and security she can no longer see the catagories or descriptions for the different events listed. Everything I've searched for shows that this is a common problem when viewing logs on a remote system however this is happening locally. The odd thing is that one user account (my account which is an admin) can veiw them. If I create a new account (user or admin) they still can not see descriptions. 

    Keep in mind this system has had some host hardening done. The windows file permission have been modified and so have certain security relevant registry entries. I tried giving a specific user full control over C:\windows but that didn't seem to make a difference which is why I'm thinking it is in the registry and not file permissions to .dll or .evt files

    I tried applying the default XP security template in the MMC console but that didn't make a difference. I'm feeling like there is a specific registry entry that has been curropted or modified in some way to break the event viewer.

    Thanks in advance for any help! Below is a sample error message:

    "The description for Event ID ( 538 ) in Source ( Security ) cannot be 

    found. The local computer may not have the necessary registry 
    information or message DLL files to display messages from a remote 
    computer. You may be able to use the /AUXSOURCE= flag to retrieve this 
    description; see Help and Support for details. The following information 
    is part of the event: IUSR_<myUser>, KIP, (0x0,0x5229A9), 3." 


    Tuesday, April 26, 2011 6:54 PM