No Security Log
My server has NO Security log, security.evtx. It has an Application Log, a System log and a Set up log, but no Security log. I can access the other log files using Event Viewer. However, when I attempt to access the Security log using Event Viewer I get the following error:
Event Viewer cannot open event log or custom view. Verify that Event Log service is running. Access is Denied (5).
When I check the System log after a reboot, I see the following error:
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 11/1/2011 12:39:21 PM
Event ID: 23
Task Category: Service startup
Level: Error
Keywords: Service availability
User: LOCAL SERVICE
Computer: XXXX
Description:
The event logging service encountered an error (res=5) while initializing logging resources for channel Security.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>23</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>100</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2011-11-01T16:39:21.484Z" />
<EventRecordID>67923</EventRecordID>
<Correlation />
<Execution ProcessID="940" ThreadID="5836" />
<Channel>System</Channel>
<Computer>XXXX</Computer>
<Security UserID="S-1-5-19" />
</System>
<UserData>
<InitChannelLoggingFailure xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Error Code="5">
</Error>
<ChannelPath>Security</ChannelPath>
</InitChannelLoggingFailure>
</UserData>
</Event>
Lastly, when I do a directory listing of c:\windows\system32\winevt\logs\, there is no Security.evtx file.
BTW, there are several other Win08 servers in the AD OU, and they are getting the same GP.
Any help you can provide is greatly appreciated. Thanks.
November 1st, 2011 3:35pm
Never mind. Adding Local Service with Full Control to c:\windows\system32\winevt\logs has cleared up the problem.
November 1st, 2011 3:41pm
Roni
Having the same problem... I tried your fix by adding Local Service. It didn't work for me. Any other suggestions? I have compared two machines: one where everything works and the other that does not. It seems I am missing "eventlog" from the registry. "Local Machine/System/CurrentControlSet/services/eventlog/security"
On the working machine the access list for security shows System, administrators, and eventlog as users or groups. The eventlog user/group is missing from the system that is not working. I did not remove it and it is apparently not an object that can be added.
Could this be the problem or just a piece?
January 3rd, 2012 10:41am
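The checks discussed in this thread, as an added PowerShell example that was not posted by any participant: it reads the ACLs on the log folder and on the Security registry key, reports which of the principals named in the posts are absent, and lists recent Event ID 23 entries. Mapping the "eventlog" entry to `NT SERVICE\EventLog` is an assumption, as is an elevated session on PowerShell 2.0 or later.

```powershell
# Added example: audit the objects this thread points at. Run elevated.
# Expected principals come from the posts above; 'NT SERVICE\EventLog'
# for the "eventlog" entry is an assumption.
$checks = @(
    @{ Path   = "$env:SystemRoot\System32\winevt\Logs"
       Expect = @('NT AUTHORITY\LOCAL SERVICE') },
    @{ Path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security'
       Expect = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\EventLog') }
)
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($check in $checks) {
    Write-Output "== $($check.Path)"
    try {
        $acl = Get-Acl -Path $check.Path -ErrorAction Stop
        # Compare by SID so localized or unresolved account names do not matter.
        $rules = $acl.GetAccessRules($true, $true, $sidType)
        foreach ($name in $check.Expect) {
            $sid  = (New-Object System.Security.Principal.NTAccount($name)).Translate($sidType)
            $hits = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value })
            if ($hits.Count -eq 0) {
                Write-Output "   MISSING  $name ($sid)"
            }
            foreach ($rule in $hits) {
                # File system and registry rules expose their rights under different properties.
                $rights = if ($rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
                    $rule.FileSystemRights
                } else {
                    $rule.RegistryRights
                }
                Write-Output "   $($rule.AccessControlType)  $name  $rights"
            }
        }
    } catch {
        # Access denied here is itself a finding: the caller cannot read the ACL.
        Write-Output "   check failed: $($_.Exception.Message)"
    }
}

# The first post notes that Security.evtx does not exist in the log folder.
$evtx = Join-Path $env:SystemRoot 'System32\winevt\Logs\Security.evtx'
Write-Output "Security.evtx present: $(Test-Path $evtx)"

# Event ID 23 from Microsoft-Windows-Eventlog is the startup failure quoted in the first post.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 23 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Running it on both a working and a failing server and comparing the output shows which ACL entry differs before any permission is changed.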