Applies to: Windows Server 2008, Windows Server 2008 R2
Error: Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied. on WS 2008 R2
Fix:
GUI Method
Change NTFS permission of %WINDIR%\System32\WinEvt\Logs directory add
Local Service and Network Service, give them
FULL access.
Start event viewer service by running following command through elevated cmd (Run as Administrator)
net start eventlog
CLI Method
Run following commands sequentially from elevated cmd (Run As Administrator)
ICACLS C:\Windows\System32\winevt\logs /grant "LOCAL SERVICE:(OI)(CI)(F)" "NETWORK SERVICE:(OI)(CI)(F)"
net start eventlog
P.S. At times Windows Event Log service doesn't start at all; in such situations, you might need to reboot the server once.
Hope that helps !
See Also:
Error message when attempting to start the Windows Event Log Service: "Access denied"
Community Content:
No Security Logging in Windows 2008R2
Server 2008 Event log restore