[HELP] AD GPO not applied unexpectedly

[on3mansh0w]

A vendor is configuring a solution for my company that depends on WinRM (Windows Event Forwarding: All clients have to forward logs to a central windows server)..

One of the prerequisites that the vendor requested is to configure a GPO to give the "NETWORK SERVICE" account a permission to read from event logs (NOTE: WinRM service runs as "NETWORK SERVICE" account)..

The configuration should be a two straight-forward steps in a newly created GPO via group policy management (i.e. 1st: adding "Event Log Readers" group to "Restricted Groups" in the GPO and 2nd: adding the "NETWORK SERVICE" account to "Event Log Readers" group).


However when I created the GPO and applied it.. on the client machine I am testing on.. this permission is not given and this error appears on the RSOP (Resultant Set of Policy):

[highlight #FCE94F]The policy "NAME OF THE CREATED GPO" resulted in the following error An unknown error occurred when attempting to open the database.. For more information see %windir%\security\logs\winlogon.log on the target machine.[/highlight]

When I went to see the logs, I didn't find "winlogon.log" file in %windir%\security\logs folder.

All help is much appreciated.