Howto give a Domain User access to Domain Controller logs

If you try to get the Security Eventlog from a Domain Controller by using the Get-Eventlog in Powershell you get the error “Requested registry access is not allowed”

In Windows 2008 and 2008 R2 there is a builtin groups called Event Log Readers. Even if you add a user to the group you will get the same error.


Open regedit.exe.
Go to KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
Right click and Add Read permissions for Event Log Readers.

This entry was posted in Active Directory, Powershell. Bookmark the permalink.