Improving Secruity using the Registry

[MrRaza]

Maybe we can 'Sticky' this, When I find helpful hints and tweaks, I will post them here, anyone else can add information as well.

The event log contains sensitive data about applications, security and system events. You don't want anyone other than administrators to have access to the logs.

System Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentContorlSet\Services\EventLog

Value Name: RestrictGuestAccess

Data Type: REG_WORD (DWORD Value)

Value: (0 = guest access, 1 - restricted access)

[Grok]

Isnt that only useful to restrict access for the event viewer application, not the logs themselves?  Someone can still read the log files using another viewer or copy them to another PC?

[MrRaza]

Isnt that only useful to restrict access for the event viewer application, not the logs themselves?  Someone can still read the log files using another viewer or copy them to another PC?

Well, an event log viewer would infact let you view the log regardless of this. Copying them to another computer would let them view it if no restrictions were enabled for them too on that computer. I just put this here to further restrict a guest from viewing files that he or she wasn't suppose too without them going out of there way. I'm not sure as of now where the event logs are even curently stored on the computer, I'll have to look into that sometime. Maybe it's possible to put a password on the folder that these log files are in or put restrictions on it so only an administrator user would be able to view the contents.