'Configure log access (legacy)' (System)
ID: oval:org.secpod.oval:def:35108
Date: (C)2016-06-10 (M)2023-12-13
Class: COMPLIANCE
Family: windows
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.
If you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.
If you do not configure this policy setting, the previous policy setting configuration remains in effect.
Counter Measure:
Enable and configure this setting depending on your organization's requirements.
Potential Impact:
Some system software and administrators may not have access to the log.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Configure log access (legacy)
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System!CustomSD
Platform: Microsoft Windows 10
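An audit check for the CustomSD value named under Fix, added here as an example and not part of the original definition. It assumes the event log access-mask bits 0x1 (read), 0x2 (write) and 0x4 (clear); the function name, the sample SDDL string and the Review column are constructed for illustration.

```powershell
# Access-mask bits for event log ACEs (assumption: read=0x1, write=0x2, clear=0x4).
$LogRights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }
# SIDs expected to hold write/clear: Local System and BUILTIN\Administrators.
$Privileged = 'S-1-5-18', 'S-1-5-32-544'

function Get-EventLogSddlAccess {
    # Hypothetical helper: lists who an event log SDDL string grants read/write/clear to.
    param([Parameter(Mandatory)][string]$Sddl)

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    if ($null -eq $sd.DiscretionaryAcl) { return }   # no D: part, nothing to list

    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
        $sid = $ace.SecurityIdentifier
        $granted = @(foreach ($name in $LogRights.Keys) {
            if ($ace.AccessMask -band $LogRights[$name]) { $name }
        })
        # Resolve the SID to a name where possible; fall back to the raw SID.
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }

        $isAllow = $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed
        $canAlter = ($granted -contains 'Write') -or ($granted -contains 'Clear')
        [pscustomobject]@{
            Principal = $who
            AceType   = $ace.AceType
            Rights    = $granted -join ','
            # Flag allow-ACEs that let anyone but SYSTEM/Administrators write or clear.
            Review    = $isAllow -and $canAlter -and ($Privileged -notcontains $sid.Value)
        }
    }
}

# Read the value from the registry location given under Fix (2).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\System'
$sddl = (Get-ItemProperty -Path $key -Name CustomSD -ErrorAction SilentlyContinue).CustomSD

if (-not $sddl) {
    Write-Host 'CustomSD is not set; analysing a constructed sample instead.'
    # Constructed sample: SYSTEM full, Administrators read/write/clear,
    # Authenticated Users read, Interactive users write (should be flagged).
    $sddl = 'O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x1;;;AU)(A;;0x2;;;IU)'
}

Get-EventLogSddlAccess -Sddl $sddl | Format-Table -AutoSize
```

Rows with Review set to True are the ones to compare against your organization's intended descriptor before enabling the setting.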