Applies to: Windows Server 2008, Windows Server 2008 R2 Error: Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied. on WS 2008 R2
Fix: GUI Method
Change NTFS permission of %WINDIR%\System32\WinEvt\Logs directory add Local Service and Network Service, give them FULL access.
Start event viewer service by running following command through elevated cmd (Run as Administrator) net start eventlog CLI Method
Run following commands sequentially from elevated cmd (Run As Administrator) ICACLS C:\Windows\System32\winevt\logs /grant "LOCAL SERVICE:(OI)(CI)(F)" "NETWORK SERVICE:(OI)(CI)(F)" net start eventlog P.S. At times Windows Event Log service doesn't start at all; in such situations, you might need to reboot the server once. Hope that helps !
See Also: Error message when attempting to start the Windows Event Log Service: "Access denied" Community Content: No Security Logging in Windows 2008R2 Server 2008 Event log restore
Richard Mueller edited Revision 11. Comment: Fixed typo in title, added tag, changed tag "Windows 2008 R2" to "Windows Server 2008 R2".
Santosh Bhandarkar edited Revision 10. Comment: tags update
Santosh Bhandarkar edited Revision 9. Comment: snapshots added
Santosh Bhandarkar edited Revision 8. Comment: CLI Method has been added
Santosh Bhandarkar edited Revision 7. Comment: additional URLs have been added
Santosh Bhandarkar edited Revision 5. Comment: Tags Update
Santosh Bhandarkar edited Revision 3. Comment: Applies to section added
Santosh Bhandarkar edited Revision 2. Comment: final version
tags update
Thanks, it worked!
Good to hear that, it worked for you.