- Thread Author
- #1
Thanks in advance for your assistance. I have a weekly requirement to view and clear the Windows Security Logs on my hardened Windows 7 computer. This has been working fine up until last week. When I open up my saved EventViewer.mmc console, I receive the following error: "Event Log Service is unavailable, verify that the service is running." When I go to services.exe (Run as Administrator) and try to start the Windows Event Log service, I receive the following error: "Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied."
Some of the steps already taken to correct this:
- Used System Restore to restore to a previous time
- Added "NT SERVICE\EventLog" to the access list for C:\Windows\System32\winevt\logs and applied "Full Control" permissions
- Checked the box for "Include inheritable permissions from this object's parent" on the Security properties for C:\Windows\System32\LogFiles\WMI
- Was unable to perform this potential fix due to an "Access Denied" error: started in Safe Mode, started "Cmd" as Administrator and typed "net stop winmgmt", then navigated to C:\Windows\System32\wbem, then tried to rename the Repository folder, but this is when I received my error.
- Thread Author
- #3
Hi there, thanks for your time. I found an article that mentioned renaming the file extensions for application.evtx, system.evtx, and security.evtx (all located under C:\Windows\System32\winevt\Logs), then restarting the Windows Event Log service. I attempted this while booted into Safe Mode and ran Windows Explorer as Administrator. I rebooted into normal mode and the Windows Event Log service started automatically and I was able to get back into the Event Viewer.
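
The rename described in post #3, as an added PowerShell example that is not part of the original thread: it records the service state and the directory ACL first, then sets the three logs aside under a new extension so the old audit records are kept for review rather than deleted. The timestamped `.old` suffix is an assumption; the paths, file names and account name are the ones given in the thread.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# while the Event Log service is stopped (the poster used Safe Mode).
$logDir  = 'C:\Windows\System32\winevt\Logs'                  # path from the thread
$logs    = 'Application.evtx', 'System.evtx', 'Security.evtx' # files from the thread
$account = 'NT SERVICE\EventLog'                              # account from the thread
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'                 # assumed naming scheme

# 1. Record the service state and the directory ACL before changing anything.
$svc = Get-Service -Name EventLog
"Service EventLog: $($svc.Status)"
$acl = Get-Acl -Path $logDir
"Owner of ${logDir}: $($acl.Owner)"
$entries = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $account })
if ($entries.Count -eq 0) {
    "No access entry for $account on $logDir"
} else {
    $entries | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
}

# 2. Rename each log instead of deleting it, so the old records stay available.
foreach ($name in $logs) {
    $path = Join-Path $logDir $name
    if (-not (Test-Path -Path $path)) { "Skipping $name (not found)"; continue }
    $newName = "$name.$stamp.old"
    try {
        Rename-Item -Path $path -NewName $newName -ErrorAction Stop
        "Renamed $name -> $newName"
    } catch {
        # A running Event Log service keeps these files open, so the rename fails.
        "Could not rename ${name}: $($_.Exception.Message)"
    }
}

# 3. Try to start the service; if that fails here, reboot into normal mode
#    as the poster did and check the service again.
if ($svc.Status -ne 'Running') {
    try {
        Start-Service -Name EventLog -ErrorAction Stop
        'EventLog started; it will create fresh log files.'
    } catch {
        "EventLog did not start: $($_.Exception.Message)"
    }
}
```

The renamed files remain in the same folder, so they can be copied to archive storage before any later cleanup.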