Access Denied while accessing Event Viewer on a remote machine
During the installation of the GFI EventsManager application I ran into a problem: the installer reported that it could not access the registry of a remote Microsoft Windows based server.
So... 1 day of troubleshooting to get through this annoying problem...
Environment:
- Active Directory 2003 (Native) Forest and Domain
- 2x Domain Controllers, both GC, one site
- n Windows Server 2003 Servers
- Installation of GFI EventsManager to gather log information
Symptoms:
- The GFI EventsManager reports errors connecting to the DCs' event logs (all of them)
- The GFI EM downloads the logs from all member servers without problems
After some further investigation:
- Accessing a DC's event log from any server with an account that is a member of Domain Admins returns an "Access Denied" error;
- Accessing the member servers' event logs with the same credentials works fine;
- Accessing a DC's remote registry returns an "Access Denied" error.
After longer analysis and troubleshooting, including a cleanup of GPOs and permissions to make sure the Guest group (and related groups) contained no reference to an administrative user (none was found, by the way), I found that this registry key:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
was missing the built-in security principal "LOCAL SERVICE" with read-only permissions. This key's ACL controls who may connect to the registry remotely, so a missing entry here breaks remote registry and remote event log access even for administrators.
To fix the problem:
- Open regedit.exe
- Navigate to the key above
- Right click and choose "permissions"
- Look up "LOCAL SERVICE" (or its equivalent in your locale), of type "Built-in security principal"
- Grant the "Read" permission
- Click ok, close the registry
- Restart the "Remote registry" service (no reboot required)
You should now be able to access the remote event log on the DC, as well as the HKLM hive through the Remote Registry service.
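The same check and fix, scripted so it can be run on every DC instead of clicking through regedit. This is an added example, not from the original post or from GFI; it assumes PowerShell 2.0 or later in an elevated session on the affected server, and it identifies LOCAL SERVICE by its well-known SID (S-1-5-19) so it works regardless of locale.

```powershell
# Added example: audit and, on request, repair the winreg ACL described above.
# Assumes PowerShell 2.0+ run elevated on the DC itself.
$WinRegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
# S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE in every locale.
$LocalServiceSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-19')

function Test-WinRegLocalServiceRead {
    # Returns $true when LOCAL SERVICE holds an explicit or inherited Allow ACE
    # that covers at least ReadKey on the winreg key.
    $acl = Get-Acl -Path $WinRegKey
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey
    foreach ($ace in $acl.Access) {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
        $isLocalService = ($sid.Value -eq $LocalServiceSid.Value)
        $isAllow = ($ace.AccessControlType -eq 'Allow')
        $hasRead = (($ace.RegistryRights -band $readKey) -eq $readKey)
        if ($isLocalService -and $isAllow -and $hasRead) { return $true }
    }
    return $false
}

function Repair-WinRegLocalServiceRead {
    # Adds exactly one Read ACE for LOCAL SERVICE; no other entry on the key is changed,
    # so the key is not opened up to anyone beyond the default principal the post names.
    $acl = Get-Acl -Path $WinRegKey
    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $LocalServiceSid, 'ReadKey', 'ContainerInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $WinRegKey -AclObject $acl
    # The Remote Registry service evaluates this ACL when it starts;
    # restarting it applies the change without a reboot, as in the post.
    Restart-Service -Name RemoteRegistry
}

# Show the full ACL first so any other unexpected entry is visible before changing anything.
(Get-Acl -Path $WinRegKey).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

if (Test-WinRegLocalServiceRead) {
    Write-Output 'winreg: LOCAL SERVICE already has Read access; nothing to do.'
} else {
    Write-Output 'winreg: LOCAL SERVICE Read ACE is missing (matches the symptom above).'
    Write-Output 'Run Repair-WinRegLocalServiceRead to add it and restart Remote Registry.'
}
```

Review the printed ACL before running the repair: if principals other than Administrators, Backup Operators and LOCAL SERVICE appear on this key, that is worth investigating separately, since it widens who can reach the registry remotely.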
14/05/2012 08:00:00