Event Log Service Fails to Check Access to Security Log File

The information in this article applies to:

• Microsoft Windows NT Server versions 3.51 and 4.0
• Microsoft Windows NT Workstation versions 3.51 and 4.0

SYMPTOMS

Despite what is stated in the Windows NT guide "Concept and Planning," when you use Event Log Service to examine the Security log file, the service does not check the "Manage auditing and security log" privilege but checks "Administrators" membership.

RESOLUTION

Obtain the fix mentioned below.

STATUS

Microsoft has confirmed this to be a problem in Windows NT version 3.51 and 4.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available. This problem was corrected in the latest Windows NT 3.51 U.S. Service Pack. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

   S E R V P A C K

MORE INFORMATION

The Windows NT "Concept and Planning" and "System" guides state that the "Manage auditing and security log" right allows the grantee to view and clear the Event Log security file.

This right is granted by default to the Administrators group, even if not explicitly added to the "Manage auditing and security log" rights list.

It is possible to grant this right to users and/or groups.