Access to the event logs is determined by the account under which the application is running. The LocalSystem account is a special account that service applications can use. The Administrator account consists of the administrators for the system. The Server Operator account (ServerOp) consists of the administrators of the domain server. The World account includes all users on all systems.
The following table shows which accounts are granted Read, Write, and Clear access to each log.
Log | Account | Access |
---|---|---|
Application | LocalSystem | Read Write Clear |
Administrator | Read Write Clear |
|
ServerOp | Read Write Clear |
|
World | Read Write |
|
Security | LocalSystem | Read Write Clear |
Administrator | Read Write |
|
World | None | |
System | LocalSystem | Read Write Clear |
Administrator | Read Write Clear |
|
World | Read Clear |
|
ServerOp | Read |
In addition, users can read and clear the Security log if they have been granted one of the following:
For more information, see your Windows documentation.