Policy
Configure log access
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. If you disable or do not configure this policy setting, only system software and administrators can read or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Log Access ID Channel_Log_FileLogAccess | text | Path Software\Policies\Microsoft\Windows\EventLog\Security Value name ChannelAccess Type REG_SZ | None |