By default, the Authenticated Users in the system have only read permissions on the system. So, if an authenticated user is using a SharePoint site and if there occurs an exception, the system will throw a access denied exception while trying to update the Event viewer log. For this reason, the authenticated users must be given permissions to be able to write to the event viewer log. Follow the steps below to do this:
- Start->Run->Regedit
- Browse to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\
- Open the Application leaf and modify the CustomSD key (create CustomSD key if it doesn't exist already)
- Ensure the value set on this key is: (This SID represents NT AUTHORITY\Authenticated Users):
(O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-11))
- Restart the server
For additional info refer to the link: http://support.microsoft.com/default.aspx?kbid=323076