Forum
2008 serverda event viewer servisini başlatamıyorum. permissionları duzgun gibi duruyor. administratorle baglıyım ve ful yetkisi var.
fikri olan varmı.
aşagıdaki adımları takip ederek sorunumu cozdum.
Default permissions on C:\Windows\system32\winevt\logs Folder should be
Authenticated user - List folder/read data, Read attributes, Read Extended
attributes, Read permissions
Administrators - Full control
SYSTEM - Full control
EventLog - Full control
To restore default permissions on folder "C:\Windows\system32\winevt\logs", follow
these steps.
1. Right click on C:\Windows\system32\winevt\logs and select properties.
2. Select the security tab.
3. Click Edit button and click Add button in permissions dialog box.
4. In Select users, computers, or Groups dialog box ensure that under object types
Built in Security Principals and the location as local computer name is selected.
5. Enter the object name as "NT SERVICE\EventLog" without quotes. And click OK.
This group should have full control on the folder.
6. Once EventLog group is added add the rest of the groups with above mentioned
permissions.
Alternatively you can also achieve this by following below steps
Identify a Windows server 2008 machine with default permissions
1. Click Start, and then type cmd in the Start Search box.
2. In the search results list, right-click Command Prompt, and then click Run as
Administrator.
3. When you are prompted by User Account Control, click Continue.
4. Type the command CD C:\WINDOWS\SYSTEM32
5. Once the working directory is changed to C:\WINDOWS\SYSTEM32 type the command
icacls winevt\* /save acl /T
6. This will save acl file under C:\WINDOWS\SYSTEM32. Copy this file to the
problematic machine's C Drive.
7. On problematic machine open command prompt with administrator privileges (Refer
previous steps 1 to 3)
8. Change the working directory to C:\WINDOWS\SYSTEM32.
9. Execute the command icacls winevt\ /restore acl
Default permissions on the registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability should be
CREATOR OWNER - Full control
SYSTEM - Full control
LOCAL SERVICE - Query Value, Set Value, Create Subkey, Notify and Delete
Administrators - Full control
Users - Read
To set the permission on this registry key
1. Go to start menu, select run and type regedit
2. Go to the location HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability
3. From the edit menu click permissions
4. Add the permissions for accounts as given above.
Geçmiş olsun.Geri bildirim için teşekkürler.