locked
No access using GET-Eventlog RRS feed

  • Question

  • Hi, 

    I have a powershell script that needs to read the security logs on the client pc,

    Every time the script runs it gives one of these errors:

     Get-Eventlog: Cannot open log security on machine... Windows has not provided an error code.

    Get-EventLog: Requested registry access is not allowed.

    I tried,putting the user in the eventlog viewer group, disabling firewall and on a windows install without AV and nothing works the only difference between the production environment and lab was that there was a 2003 server that was the main DC and no has been decommissioned and we raised the functional level of the other DCs to 2012r2.


    I am running Server 2012r and 2016.

    Thank you for your help.

    Wednesday, June 27, 2018 4:31 PM

All replies

  • Only admins can view the security log.


    \_(ツ)_/

    Wednesday, June 27, 2018 4:36 PM
  • I am using my admin ID and I still get the error, 

    Is there another group besides event log viewers or security setting that I can change?

    Wednesday, June 27, 2018 6:05 PM
  • You have to be an admin and you have to run from an elevated prompt. 


    \_(ツ)_/

    Wednesday, June 27, 2018 7:59 PM
  • \_(ツ)_/ is working now, I added the run as administrator inside the script, now if I want to have it with an schedule task what would be the parameters?

    Thank you so much for your help.

    Wednesday, June 27, 2018 9:14 PM
  • By default yes, but you can delegate rights to read security logs through a group policy and give a custom group these rights.
    Friday, June 29, 2018 9:51 AM
  • That is a Group Policy issue and not  scripting issue.


    \_(ツ)_/

    Friday, June 29, 2018 9:53 AM