I have an XP/SP3 system that has issues with the Event Viewer. Our auditor has brought to my attention that when she goes to Event Viewer and Security, she can no longer see the categories or descriptions for the different events listed. Everything I've searched for shows that this is a common problem when viewing logs on a remote system; however, this is happening locally. The odd thing is that one user account (my account, which is an admin) can view them. If I create a new account (user or admin), they still cannot see descriptions.
Keep in mind this system has had some host hardening done. The Windows file permissions have been modified and so have certain security-relevant registry entries. I tried giving a specific user full control over C:\windows but that didn't seem to make a difference, which is why I'm thinking it is in the registry and not file permissions to .dll or .evt files.
I tried applying the default XP security template in the MMC console but that didn't make a difference. I'm feeling like there is a specific registry entry that has been corrupted or modified in some way to break the Event Viewer.
Thanks in advance for any help! Below is a sample error message:
"The description for Event ID ( 538 ) in Source ( Security ) cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information
is part of the event: IUSR_<myUser>, KIP, (0x0,0x5229A9), 3."