Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Access Denied (Error 5) when trying to start Windows Event L

May 1, 2017 8:54AM PDT

Thanks in advance for your assistance. I have a weekly requirement to view and clear the Windows Security Logs on my hardened Windows 7 computer. This has been working fine up until last week. When I open up my saved EventViewer.mmc console, I receive the following error: "Event Log Service is unavailable, verify that the service is running." When I go to services.exe (Run as Administrator) and try to start the Windows Event Log service, I receive the following error: "Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied."

Some of the steps already taken to correct this

-Used System Restore to restore to a previous time

-Added "NT SERVICE\EventLog" to the access list for C:\Windows\System32\winevt\logs and applied "Full Control" permissions

-Checked box for "Include inheritable permissions from this object's parent" on the Security properties for C:\Windows\System32\LogFiles\WMI

-Was unable to perform this potential fix due to an "Access Denied" error: Started in Safe Mode, started Cmd" as Administrator and typed "net stop winmgnt" then navigated to C:\Windows\System32\wbem, then tried to rename the Repository folder, but this is when I received my error.

Discussion is locked

- Collapse -
Answer
The thing is.
May 1, 2017 9:03AM PDT

Post was last edited on November 2, 2017 8:57 AM PDT

- Collapse -
Answer
Found the fix (at least for my situation)
May 1, 2017 1:25PM PDT

Hi there, thanks for your time. I found an article that mentioned to rename the file extensions for "application.evtx, system.evtx, and security.evtx (all located under C:\Windows\System32\winevt\Logs), then restart the Windows Event Log service. I attempted this while booted into Safe Mode and ran Windows Explorer as Administrator. I rebooted into normal mode and the Windows Event Log service started automatically and I was able to get back into the Event Viewer.

- Collapse -
Any idea why the OS took damage like that?
May 1, 2017 1:36PM PDT

If this happens, I wonder why.

- Collapse -
Answer
Perhaps it might work
Oct 31, 2017 1:32AM PDT

1. Open the properties of the main.

2. User Profile folder where the files are located (such as Documents, Pictures, etc.). You can open the properties of a particular folder by Right-clicking on it and select Properties from context menu.

3. Go to the Security tab and click Advanced. Check the box at the bottom of this window. It is labeled "Replace all child object permissions with inheritable permissions from this object" and then click OK.

This does a one-time action that replaces the security on all the files/subfolders. It’s one-time, so you won’t find that box checked if you peek at it later.

Reference links:





Please let me know if it’s working.