ISSUE : Unable to Start Windows Event Log service.

ERROR : Error 5: Access denied

When you try to start the Windows Event Log service from the services console on either Windows Server 2008 computers, the Windows Event Log service fails. Additionally, you receive the following error message: "Error 5: Access denied"


This problem happens if any of the following conditions are true.

  1. The built-in security group EventLog missing permission on folder C:\Windows\System32\winevt\Logs
  2. Local Service account do not have default permission on registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability


Default permissions on C:\Windows\system32\winevt\logs Folder should be Authenticated user – List folder/read data, Read attributes, Read Extended attributes, Read permissions

Administrators – Full control
SYSTEM – Full control
EventLog – Full control
To restore default permissions on folder “C:\Windows\system32\winevt\logs”, follow these steps.

  1. Right click on C:\Windows\system32\winevt\logs and select properties.
  2. Select the security tab.
  3. Click Edit button and click Add button in permissions dialog box.
  4. In Select users, computers, or Groups dialog box ensure that under object types
    Built in Security Principals and the location as local computer name is selected.
  5. Enter the object name as “NT SERVICE\EventLog” without quotes. And click OK.
  6. This group should have full control on the folder. Once EventLog group is added add the rest of the groups with above mentioned permissions.
  7. Start the service


Special Thanks to Shubham Sharma.