Microsoft KB Archive/142615

= Event Log Service Fails to Check Access to Security Log File =

Article ID: 142615

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q142615





SYMPTOMS
When you use Event Viewer to examine the Security log file, the Event Log service does not examine the "Manage auditing and security log" privilege as the Concepts and Planning manual states. It does examine the Administrators membership.



Windows NT 4.0
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Windows NT 3.51
To resolve this problem, contact Microsoft Technical Support to obtain the following fix.

This fix should have the following time stamp:

  02/03/98  09:27p                46,288 Eventlog.dll (Intel) 02/03/98 09:24p                68,880 Eventlog.dll (Alpha)



Windows NT 4.0
Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Windows NT 3.51
Microsoft has confirmed this to be a problem in Microsoft Windows NT version 3.51. A supported fix is now available, but has not been fully regression tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next service pack that contains this fix. Contact Microsoft Technical Support for more information.



MORE INFORMATION
The Windows NT Concepts and Planning and System guides state that the "Manage auditing and security log" right allows the grantee to view and clear the Event Log security file.

This right is granted by default to the Administrators group, even if not explicitly added to the "Manage auditing and security log" rights list.

It is possible to grant this right to users and/or groups.

Additional query words: audit

Keywords: kbhotfixserver kbqfe kbbug kbfix KB142615

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.