Access denied viewing Internet Explorer event log as a local Administrator

You may find that when you try to access the Internet Explorer event log you see an access denied message.

This is likely because of Microsoft patch KB5018410 (October 11th 2022).

This patch updates the security descriptor for the Internet Explorer event log and applies the following CustomSD security descriptor value.

"O:BAG:SYD:(A;;0x07;;;DA)(A;;0x07;;;LA)(D;;0x07;;;DU)(A;;0x07;;;WD)S:(ML;;0x1;;;LW)"

Translating the security descriptor above shows that it includes a DENY for Domain Users.

 This DENY comes after two Allow ACLs which allow specifically Domain Admins and the local Administrator account to access the event log.

Therefore, if the account that is performing the scan is an Administrator but not a Domain Admin nor specifically the built in Administrator account then access will be denied.


If you're using XIA Configuration to scan Windows machines and experience this issue we added the following optional component:

https://www.centrel-solutions.com/media/xiaconfiguration/adminguideweb/WindowsAgentOptionsTab.html

 

Event Logs (Internet Explorer Log)

Determines whether the Internet Explorer event log should be read for Windows machines when using PowerShell remoting. This is disabled by default due to the security access control list preventing access.

Comments

Post a Comment

Popular posts from this blog

SOLVED: Exchange Online Management PowerShell Connect-ExchangeOnline bug "A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles"

Image
While you're here why not check out our  Exchange audit and documentation tool ? If you're using the Exchange Online Management PowerShell cmdlets you may notice that the following error: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles This error appears in version 3.7.0 (and persists in version 3.7.1) when the following change was made. Integrated WAM (Web Account Manager) in Authentication flows to enhance security. You notice that this error occurs in PowerShell ISE but not in a PowerShell, the issue also appears in any Windows based applications - for example a WinForms application that tries to execute Connect-ExchangeOnline PowerShell ISE A .NET console application does work correctly. .NET console application While you're here why not check out our  Exchange audit and documentation tool ? The error occurs because Microsoft has made the (correct) decision that when an interactive login prompt it must have a parent window so t...
Read more

Windows Server 2016, 2019, 2022, Windows 10 and Windows 11: Date and time "Some settings are managed by your organization".

Image
When you're using the new "Modern" date and time settings in Windows Server 2016, 2019, 2022, Windows 10 and Windows 11 you may find that you can't set the correct date and time and the value "Some settings are managed by your organization". - While you're here - Why not check out our Windows Server Documentation and Audit Tool? The simplest way around this is to go back to the proper control panel using Start, Run, "Control.exe" and searching for "Set the date".  Within here you can set the date and time manually as required If you try and click the Change time zone button you may again get access denied... To resolve this open an elevated command prompt by right clicking the command prompt and selecting Run as Administrator  From there run the command rundll32.exe shell32.dll,Control_RunDLL timedate.cpl This will open the Data and Time control panel app elevated as an Administrator.
Read more

get-windowsfeature : The given key was not present in the dictionary

Image
When you run the get-windowsfeature cmdlet in PowerShell on Windows Server 2012 you may see the following error get-windowsfeature : The given key was not present in the dictionary. At line:1 char:1 + get-windowsfeature + ~~~~~~~~~~~~~~~~~~     + CategoryInfo          : NotSpecified: (:) [Get-WindowsFeature], KeyNotFoundException     + FullyQualifiedErrorId : System.Collections.Generic.KeyNotFoundException,Microsoft.Windows.ServerManager.Commands    .GetWindowsFeatureCommand This seems to occur if there is a problem in the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache As this is just a cache registry key you can try renaming the key to ServerComponentCache.old and then re-running the PowerShell command or refreshing the view in server manager. This recreates the key and rebuilds the server feature information. - While yo...
Read more