Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

  • Question

  • As administrator I can clear all event logs with

    wevtutil el | foreach { wevtutil cl $_ }

    except this one:

    Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

    Any suggestions? Thanks!

    Sunday, August 9, 2015 1:35 AM

All replies

  • Hi Cedric Chinnok,

    I received the same error.

    Trying to clear the log under Event Viewer also got the Access Denied error.

    There should be some additional services bound with this log.

    Even after I took ownership of the related file under

    C:\Windows\System32\winevt\Logs

    the clear option still failed with Access Denied.

    Regards




    Monday, August 10, 2015 10:59 AM
  • Solved.

    The log can be cleared by deleting the log file 
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveID%4Operational.evtx.

    Access is denied because the log file is locked by 
    C:\Windows\System32\svchost.exe.

    To delete the log file, its handle needs to be closed first.

    OpenedFilesView, a freeware, is handy for identifying and closing file handles.
    http://www.nirsoft.net/utils/opened_files_view.html



    • Edited by Cedric Chinnok Tuesday, August 18, 2015 4:28 AM
    • Marked as answer by Michael_LS Tuesday, August 18, 2015 9:41 AM
    Tuesday, August 18, 2015 1:17 AM
  • Access is denied because of restricted (read-only) channel access permissions for this event log. One must grant permission to clear to the members of the Local Administrators group:

    wevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)

    • Marked as answer by Cedric Chinnok Friday, December 9, 2016 12:21 AM
    Wednesday, December 7, 2016 3:15 PM
  • Do not copy that; it is a wrong value. Look into the registry; for Windows 10 1809 it must be

    O:BAG:SYD:(A;;0x1;;;SY)(A;;0x1;;;BA)(A;;0x1;;;LA),

    and it also has no function.

    Sunday, August 25, 2019 9:18 PM
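
The two channel-access strings quoted in this thread differ in a single access mask. The following is an added example, not part of any post in the thread, that decodes both SDDL strings so an administrator or auditor can see which principals each one allows to clear the channel. It assumes the standard event log access bits (0x1 read, 0x2 write, 0x4 clear); the function and constant names are hypothetical.

```python
import re

# Event log channel access-mask bits used in channelAccess SDDL strings.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# SDDL SID abbreviations that appear in the two strings from this thread.
SIDS = {"SY": "Local System", "BA": "Builtin Administrators",
        "LA": "Local Administrator account"}


def parse_channel_access(sddl):
    """Decode the DACL of a channelAccess SDDL string into a list of ACEs."""
    m = re.fullmatch(r"O:(.+?)G:(.+?)D:[^(]*((?:\([^)]*\))*)", sddl.strip())
    if not m:
        raise ValueError("not an O:/G:/D: SDDL string: %r" % sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(3)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("ACE needs 6 fields: %r" % body)
        ace_type, _flags, mask, _obj, _inherit, sid = fields
        mask = int(mask, 0)  # numeric masks only; symbolic rights raise ValueError
        aces.append({
            "allow": ace_type == "A",
            "trustee": SIDS.get(sid, sid),
            "rights": sorted(n for bit, n in RIGHTS.items() if mask & bit),
        })
    return aces


def principals_with(sddl, right):
    """Trustees that an allow ACE grants `right` (deny ACEs are not evaluated)."""
    return [a["trustee"] for a in parse_channel_access(sddl)
            if a["allow"] and right in a["rights"]]


def diff_access(sddl_a, sddl_b):
    """Map trustee -> (rights in a, rights in b) where the two strings differ."""
    a = {x["trustee"]: x["rights"] for x in parse_channel_access(sddl_a)}
    b = {x["trustee"]: x["rights"] for x in parse_channel_access(sddl_b)}
    return {t: (a.get(t, []), b.get(t, []))
            for t in sorted(set(a) | set(b)) if a.get(t, []) != b.get(t, [])}


# The two strings as quoted in the thread (2016 answer and 2019 reply).
SDDL_2016_ANSWER = "O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)"
SDDL_2019_REPLY = "O:BAG:SYD:(A;;0x1;;;SY)(A;;0x1;;;BA)(A;;0x1;;;LA)"

if __name__ == "__main__":
    print(principals_with(SDDL_2016_ANSWER, "clear"))
    print(principals_with(SDDL_2019_REPLY, "clear"))
    print(diff_access(SDDL_2016_ANSWER, SDDL_2019_REPLY))
```

The same decoder can be run over the output of `wevtutil gl <channel>` for other channels to review which accounts hold the clear right.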