I configured my Windows 2008 R2 machine the following way:
- Created a new non-privileged user
- Added this new user to "event log readers" group.
- Granted the user access to the Security Event Log (wevtutil gl security) or sddl in the registry as with Windows 2003 Server.
That all did the job, I can read the event logs including the descriptions.
Now I configured a second machine the same way, but this machine is a Windows 2008 Standard Enterprise server. The difference: On this machine my newly created user can read all the logs, but not the security event log descriptions:
As you see it sais "The description for Event ID...". This happens for every event. When I add this user to the "Administrators" group and also disable UAC I can read all the logs:
So what's the point? The settings allow me to see everything on the Windows 2008 R2 machine, but on the 'Standard' one it does not suffice to get the actual message text? Did I miss something?
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.