Limit remote access to the Event Log Service
Supported on: At least Windows 11 Version 22H1
Registry
Key: Software\Policies\Microsoft\Windows\EventLog
Value name: EnableRemoteRpcAccessRestrictions
Enabled: EnableRemoteRpcAccessRestrictions = 1
Disabled: EnableRemoteRpcAccessRestrictions = 0
Options
RpcAccess_Remote_Setting (enum):
Authenticated Users -> 0
Event Log Readers -> 1
Administrators -> 2
Description
This policy setting controls which remote users will be allowed to connect to the Event Log service on this machine.

If you enable this policy, you can restrict which group remote users must be a member of in order to connect to the Event Log Service on this machine. You can require that remote users be a member of one of the following built-in groups:
• Authenticated Users
• EventLog Readers
• Administrators

If you disable or do not configure this policy, the default value will be Authenticated Users. For prior versions of Windows, only Authenticated Users was supported.

To maintain backwards compatibility, local connections to the service will always be allowed from Authenticated Users.

This setting does not control access to individual logs. Once a remote connection is allowed, it will still need access to the specific resources it is attempting to use.