Note: The commands described in this article have been tested against Windows 7 operating system.
In certain instances, the Windows Event Log Service mai fail to start and the user gets an error, in most cases an "Access denied" (error code 5). In most cases, this is caused by incorrect permissions. Through various circumstances, the permissions may end up corrupted and affect several aspects of the system functionality. The permissions can be adjusted using the takeown and cacls.
Takeown is a tool allows an administrator to recover access to a file that was denied by re-assigning file ownership. Cacls and its newer variant Icacls displays or modifies access control lists (ACLs) of files. In case a system restart does not fix the problem, here are the folders that have to be reset and the corresponding commands:
The rest of the document is available only to EventID.Net subscribers.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.