Granting access to Security Event Log, Windows 2008 Standard vs. Windows 2008 R2


  • Hi

    I configured my Windows 2008 R2 machine the following way:

    - Created a new non-privileged user
    - Added this new user to "event log readers" group.
    - Granted the user access to the Security Event Log (wevtutil gl security) or sddl in the registry as with Windows 2003 Server.

    That all did the job, I can read the event logs including the descriptions.

    Now I configured a second machine the same way, but this machine is a Windows 2008 Standard Enterprise server. The difference: On this machine my newly created user can read all the logs, but not the security event log descriptions:


    As you see it sais "The description for Event ID...". This happens for every event. When I add this user to the "Administrators" group and also disable UAC I can read all the logs:admin-user

    So what's the point? The settings allow me to see everything on the Windows 2008 R2 machine, but on the 'Standard' one it does not suffice to get the actual message text? Did I miss something?

    Kind regards


    Monday, March 12, 2012 10:08 AM