resolution for “Unable to Start Windows Event Log service”.

By -
 resolution for “Unable to Start Windows Event Log service”.

When you try to start the Windows Event Log service from the services console on
either Windows Server 2008 computers, the Windows Event Log service fails.
Additionally, you receive the following error message:
"Error 5: Access denied"
CAUSE

This problem happens if any of the following conditions are true.
1. The built-in security group EventLog missing permission on folder
C:\Windows\System32\winevt\Logs
2. Local Service account do not have default permission on registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability

*** Resolution ***

Default permissions on C:\Windows\system32\winevt\logs Folder should be

Authenticated user - List folder/read data, Read attributes, Read Extended
attributes, Read permissions
Administrators - Full control
SYSTEM - Full control
EventLog - Full control

To restore default permissions on folder "C:\Windows\system32\winevt\logs", follow
these steps.

1. Right click on C:\Windows\system32\winevt\logs and select properties.
2. Select the security tab.
3. Click Edit button and click Add button in permissions dialog box.
4. In Select users, computers, or Groups dialog box ensure that under object types
Built in Security Principals and the location as local computer name is selected.
5. Enter the object name as "NT SERVICE\EventLog" without quotes. And click OK.
This group should have full control on the folder.
6. Once EventLog group is added add the rest of the groups with above mentioned
permissions.
7.start the service

Comments

Post a Comment

Popular posts from this blog

Boot configuration Data Store --BCDEdit /set

By -
The  BCDEdit /set  command sets a boot entry option value in the Windows boot configuration data store (BCD). Use the  BCDEdit /set  command to configure specific boot entry elements, such as kernel debugger settings, data execution protection (DEP) and processor address extension (PAE) options, and to load alternate hardware abstraction layer (HAL) and kernel files. You can use these boot entry options when you are testing and debugging your driver for Windows Vista, Windows 7, and later versions of Windows. bcdedit /set [{ID}] datatype value Parameters [ { ID }] The  { ID }  is the GUID that is associated with the boot entry. If you do not specify an  { ID } , the command modifies the current operating system boot entry. If a boot entry is specified, the GUID associated with the boot entry must be enclosed in braces  { } . To view the GUID identifiers for all of the active boot entries, use the  bcdedit /enum  command. datatype value The fol
Read more

ADSI Edit

By -
Image
ADSI Edit (adsiedit.msc) Updated: March 19, 2010 Applies To: Windows SBS 2008, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2 Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. This topic includes the following sections: Installing ADSI Edit Using ADSI Edit
Read more

Userenv logging (User Environment logging)

By -
When you enable userenv logging, you can perform debug logging of the user profile and the system policy processes. Userenv log files also contain information about the status of each Group Policy extension, such as Application Deployment, Security, and Folder Redirection. Userenv log files reveal what is occurring in the background as a user logs on   Userenv.log file located in the %SystemRoot%\Debug\UserMode folder Userenv log files contains information about the following: Group Policy settings that are not processed or not applied as expected Folder redirection that does not occur Profile or registry hive load, unload, or deletion failures Logon script, or script not applied as expected Default behaviors occurring because a slow link was detected Roaming profile issues Slow logon issues Whether a given GPO is accessible, and if not, why access was denied. The name of the domain controller that is accessing SYSVOL. The Userenv log has a maximum size of 1 megabyt
Read more