none
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied. RRS feed

  • Question

  • As administrator I can clear all event logs with

    wevtutil el | foreach { wevtutil cl $_ }

    except this one:

    Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

    Any suggestions? Thanks!

    Sunday, August 9, 2015 1:35 AM

Answers

  • Access is denied because of restricted (read only) channel access permissions for this event log. One must grant permission to clear for the member of Local Administrators Group:

    wevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)

    • Marked as answer by Cedric Chinnok Friday, December 9, 2016 12:21 AM
    Wednesday, December 7, 2016 3:15 PM
  • Solved.

    The log can be cleared by deleting the log file 
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveID%4Operational.evtx.

    Access is denied because the log file is locked by 
    C:\Windows\System32\svchost.exe.

    To delete the log file, its handle needs to be closed first.

    OpenedFilesView, a freeware, is handy for identifying and closing file handles.
    http://www.nirsoft.net/utils/opened_files_view.html



    Tuesday, August 18, 2015 1:17 AM

All replies

  • Hi Cedric Chinnok,

    I reveived the same error.

    Trying to clear the log under Event Viewer also got the Access Denied error.

    There should be some additional servies bounded wth this log.

    Even I took ownership of the related file under

    C:\Windows\System32\winevt\Logs

    The clear option is still failed with Access Denied.

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Monday, August 10, 2015 10:59 AM
    Moderator
  • Solved.

    The log can be cleared by deleting the log file 
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveID%4Operational.evtx.

    Access is denied because the log file is locked by 
    C:\Windows\System32\svchost.exe.

    To delete the log file, its handle needs to be closed first.

    OpenedFilesView, a freeware, is handy for identifying and closing file handles.
    http://www.nirsoft.net/utils/opened_files_view.html



    Tuesday, August 18, 2015 1:17 AM
  • Access is denied because of restricted (read only) channel access permissions for this event log. One must grant permission to clear for the member of Local Administrators Group:

    wevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)

    • Marked as answer by Cedric Chinnok Friday, December 9, 2016 12:21 AM
    Wednesday, December 7, 2016 3:15 PM