This may take a few lines to setup, so bear with me. My company runs vmware, mix of win xp and win 7 VMs. My tech group have admin rights throughout the domain. We're having some scanning issues and I am trying to get into the logs of our Win XP workstations when they lock up, however, I cannot access the event viewer through computer management.
Here is the breakdown. When I try to access event viewer from a Win 7 VM, I get: Access Denied (5) error. When I try to access event viewer from a Win xp VM, I get: Network path not found.
The odd thing is, if I try to access the logs of a win 7 vm, it works without issue.
I have tried to pull the logs from the vm by backdooring, \vm#\c\windows\system32\config. However when I try to open them, I get Error: The Data is invalid.
I do not have access to group policy, but I am being told it is open for my tech group. Any idea what I could look into to see what is blocking this on the xp desktops?
Thanks.
0 Answers