

Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

Question

Sunday, August 9, 2015 1:35 AM

As administrator I can clear all event logs with

wevtutil el | foreach { wevtutil cl $_ }

except this one:

Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

Any suggestions? Thanks!

All replies (4)

Tuesday, August 18, 2015 1:17 AM ✅Answered

Solved.

The log can be cleared by deleting the log file 
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveID%4Operational.evtx.

Access is denied because the log file is locked by 
C:\Windows\System32\svchost.exe.

To delete the log file, its handle needs to be closed first.

OpenedFilesView, a freeware tool, is handy for identifying and closing file handles.
http://www.nirsoft.net/utils/opened_files_view.html


Wednesday, December 7, 2016 3:15 PM ✅Answered | 1 vote

Access is denied because of restricted (read-only) channel access permissions for this event log. One must grant the permission to clear to the members of the Local Administrators group:

wevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)


Monday, August 10, 2015 10:59 AM

Hi Cedric Chinnok,

I received the same error.

Trying to clear the log under Event Viewer also got the Access Denied error.

There should be some additional services bound with this log.

Even after I took ownership of the related file under

C:\Windows\System32\winevt\Logs

The clear option still failed with Access Denied.

Regards



Sunday, August 25, 2019 9:18 PM

Do not copy that; it is a wrong value. Look in the registry; for Windows 10 1809 it must be

O:BAG:SYD:(A;;0x1;;;SY)(A;;0x1;;;BA)(A;;0x1;;;LA),

and it also has no function.
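
Added example, not part of any post in this thread: the two channelAccess strings quoted in the December 2016 and August 2019 replies, decoded ACE by ACE so it is visible which trustee holds the event log clear right (mask bit 0x4) in each. The function name `ConvertFrom-ChannelAccess` is hypothetical, and the parser assumes ACEs with a hex access mask, as in both quoted strings.

```powershell
# Event log channel access-mask bits: 0x1 = read, 0x2 = write, 0x4 = clear.
$Rights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }

# SDDL trustee aliases that occur in the two strings quoted in the thread.
$Trustees = @{
    SY = 'Local System'
    BA = 'Built-in Administrators'
    LA = 'Local Administrator account'
}

# Hypothetical helper: split a channelAccess SDDL string into one object per ACE.
function ConvertFrom-ChannelAccess {
    param([Parameter(Mandatory)][string]$Sddl)

    # ACE layout: (type;flags;rights;object_guid;inherit_guid;trustee)
    $pattern = '\((\w+);[^;]*;(0x[0-9A-Fa-f]+);[^;]*;[^;]*;([^)]+)\)'
    foreach ($m in [regex]::Matches($Sddl, $pattern)) {
        $type = $m.Groups[1].Value
        $mask = [Convert]::ToInt32($m.Groups[2].Value, 16)
        $sid  = $m.Groups[3].Value
        $held = @($Rights.Keys | Where-Object { $mask -band $Rights[$_] })

        [pscustomobject]@{
            Type     = if ($type -eq 'A') { 'Allow' } else { $type }
            Trustee  = if ($Trustees.ContainsKey($sid)) { $Trustees[$sid] } else { $sid }
            Mask     = '0x{0:X}' -f $mask
            Rights   = $held -join ','
            CanClear = ($type -eq 'A') -and [bool]($mask -band $Rights.Clear)
        }
    }
}

# The two values exactly as quoted in the replies above.
$samples = [ordered]@{
    'Value set in the December 2016 reply'   = 'O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)'
    'Value quoted for Windows 10 1809 (2019)' = 'O:BAG:SYD:(A;;0x1;;;SY)(A;;0x1;;;BA)(A;;0x1;;;LA)'
}

foreach ($label in $samples.Keys) {
    "`n$label"
    ConvertFrom-ChannelAccess -Sddl $samples[$label] | Format-Table -AutoSize | Out-String
}

# On a live system the current value is on the "channelAccess:" line of:
#   wevtutil gl Microsoft-Windows-LiveId/Operational
```

The same decoding can be used to audit other channels for trustees that hold the clear right.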