Permissions needed to read event log messages remotely?

windows-server-2003 windows-event-log
5,373

I believe the issue is not so much that the user can't read the event log, but that the user can't read the event log message files which are used for these particular events.

My blog entry may help shed some light: http://www.eventlogblog.com/blog/2008/04/event-log-message-files-the-de.html.

On the remote system you would need to identify the message files which are used by the particular event source, and then ensure that the user who is running the powershell script has read permission to those files.

I haven't tried this, but it should work.

Share:
5,373

Related videos on Youtube

Victor Zakharov
Author by

Victor Zakharov

MCSD: Web Applications (since 12/14/2013). MCPD: Windows Developer .NET 3.5 (since 09/16/2012). Specializing in Angular / Typescript / .NET Core, in this order, based on recency. My Pluralsight profile: https://app.pluralsight.com/profile/victor-zakharov

Updated on September 18, 2022

Comments

  • Victor Zakharov
    Victor Zakharov almost 2 years

    When running under a limited account, local event log messages are displaying fine, for remote computer I am getting this error:

    The description for Event ID ( xxxxx ) in Source ( yyyyy ) cannot be found.
The local computer may not have the necessary registry information or message 
DLL files to display messages from a remote computer. You may be able to use the
/AUXSOURCE= flag to retrieve this description; see Help and Support for details.
The following information is part of the event: zzzzz.

    Same remote computer works fine under domain administrator. I am currently experimenting with just the Event Viewer, by using Run As. Original issue is a PowerShell script which does Get-EventLog.

    Are there any special permissions that need to be in place to able to read event log messages remotely? Supposedly there is a simple solution in Windows 2008 and higher, i.e. just add user to Event Log Readers group. Is there anything like that for Windows 2003?

    • Victor Zakharov
      Victor Zakharov almost 12 years
      @Ansgar: It applies to all log entries, not just some of them. I tried as Domain Administrator, and also as a limited account - and got different outcome. So by raising permission I got from non-working to working. And you are telling me this is not about permissions?..
    • Lucky Luke
      Lucky Luke over 11 years
      @Ansgar doesn't seem to know what he's talking about in this case. You have clearly identified that this is a permissions issue.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Event Log: atapi - the device did not respond within the timeout period - Freeze
Server Hanging - Server Event Viewer
Windows cannot access the file gpt.ini for GPO error
Windows Server 2003 - "The security log on this system is full." message when logging in
How to automatically backup Windows event logs?
Tracking who installed Software on server
Event ID 6009: is this event triggered only when a user-initiated shutdown has occurred?
What is the best tool for to capturing Windows Event Logs centrally?
Where can I view active directory failed logon attempts?
"Account locked out" security event at midnight