Specify the 'Configure log access (legacy) - Event Log Service\Setup (SDDL String)' value This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. If you enable this policy setting, only those users matching the security descriptor can access the log. If you disable this policy setting, all authenticated users and system services can write, read, or clear this log. If you do not configure this policy setting, the previous policy setting configuration remains in effect. Counter Measure: Enable and configure this setting depending on your organization's requirements. Potential Impact: Some authenticated users and system services may not have access to the log. [log access] (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Configure log access (legacy) - Event Log Service\Setup oval:org.secpod.oval:def:35120 SCAP Repo OVAL Definition 2016-06-10