Sign In

Enabling Event Logging for Authenticated Users

Saru Ponnusamy Senior SharePoint Consultant
Oct 01, 2008

By default, the Authenticated Users in the system have only read permissions on the system. So, if an authenticated user is using a SharePoint site and if there occurs an exception, the system will throw a access denied exception while trying to update the Event viewer log. For this reason, the authenticated users must be given permissions to be able to write to the event viewer log. Follow the steps below to do this:

  • Start->Run->Regedit
  • Browse to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\
  • Open the Application leaf and modify the CustomSD key (create CustomSD key if it doesn't exist already)
  • Ensure the value set on this key is: (This SID represents NT AUTHORITY\Authenticated Users):
    (O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-11))
  • Restart the server

For additional info refer to the link: http://support.microsoft.com/default.aspx?kbid=323076

Call

WebKMS Consultants Diary

On this Consultants Diary column, we share some of the problems we faced and how we solved for the benefit of our readers. We hope you find this real-world solutions useful and appreciate your interest and valuable feedback.

We update this column frequently, and encourage you to come back as often as you can.

We would also be glad to welcome if you have any specific request and we will try our best to post a solution on this column.

Doc collaboration Enterprise Intranet