Log Access (Security)ID: oval:org.secpod.oval:def:19384 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Log Access machine setting should be configured correctly for the security log.
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. If this policy setting is enabled, only those users matching the security descriptor can access the log. If this policy setting is disabled or not configured, then only system software and administrators can read/clear this log.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Log Access
(2) KEY: HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\ChannelAccess
Platform: |
Microsoft Windows Server 2008 R2 |