For your information, you can turn this setting on or off with the help of the Local Group Policy Editor and Registry Editor. If you want to use the REGEDIT method, don’t forget to backup Registry files first.
Enable or disable Protected Event Logging using Group Policy
To enable or disable Protected Event Logging in Windows 11/10 using Group Policy, follow these steps: To learn more about these steps, continue reading. To get started, you need to open the Local Group Policy Editor first. For that, press Win+R to open the Run prompt, type gpedit.msc, and hit the Enter button. Once it is opened on your screen, navigate to the following path: Here you can find a setting called Enable Protected Event Logging on the right-hand side. You need to double-click on this setting and choose the Enabled option.
Then, enter the encryption key in the respective box and click the OK button. After that, your log data will be encrypted. In case you want to disable or turn off Protected Event Logging in Windows 11/10, you need to open the same setting in the Local Group Policy Editor and choose the Disabled or Not Configured option. Read: Event Log Manager & Event Log Explorer software.
Turn on or off Protected Event Logging using Registry
To turn on or off Protected Event Logging in Windows 11/10 using Registry, follow these steps: Let’s check out these steps in detail. At first, you need to open the Registry Editor on your computer. For that, press Win+R to display the Run dialog > type regedit > hit the Enter button and click on the Yes option. Once it is opened, navigate to the following path: Right-click on Windows > New > Key and name it as EventLog. Then, right-click on the EventLog key > New > Key and set the name as ProtectedEventLogging.
Here you need to create one REG_DWORD value and one Multi-String Value. For that, right-click on the ProtectedEventLogging key > New >REG_DWORD value and enter the name as EnableProtectedEventLogging. Double-click on it to set the Value data as 1 and click the OK button.
Then, right-click on the ProtectedEventLogging key > New > Multi-String Value and set the name as EncryptionCertificate. Double-click on it to enter the encryption certificate. Once done, click the OK button and reboot your computer. If you want to turn off Protected Event Logging using Registry Editor, you need to delete the REG_DWORD value and Multi-String Value. TIP: Windows Event Viewer Plus is a portable freeware app that lets you view Event Logs faster than the default in-built Windows Event Viewer and also export the Entry to a text file, select the Web Search Button to look up the entry online, to find out more information or troubleshoot errors.
How do I protect Event Logs?
To protect Event Logs on your Windows 11/10 computer, you need to follow the aforementioned guides. There are two ways to do that – using Local Group Policy Editor and Registry Editor. You can follow either method once you have the encryption key.
What are the five types of Event Logs?
For your information, there are five different types of Event Logs – Information, Error, Success Audit, Warning, and Failure Audit. You can encrypt all kinds of Event Logs with the help of the aforementioned tutorials. You can follow the REGEDIT or the GPEDIT method to get the job done. That’s all! Hope this guide helped. Read: How to clear the Event Log in Windows.