For operating systems beginning with Windows 7 SP1, Elipse Event Log, since version 4.0, creates a user on the local machine during the installation process, named eeLogs, and adds it to the Performance Log Users group. This user is needed by Elipse Event Log to control log sessions created by processes without administrator privileges on the machine. These new policies comply with Microsoft recommendations to allow granting special rights to processes or users without privileges, aiming to improve system security against malicious users.

But if this user is modified, which includes deleting or editing its parameters, possibly the logs may not have access to session control, because of differences between edited and required configurations, thus leading to event losses. Therefore, it is not advisable to change these settings.

To restore default user settings, users can force the creation of a user by executing the log service installation, eeLogSvc.exe, on a command prompt using the eeLogSvc.exe /i command.

For security reasons regarding the computer in which Elipse Event Log's user was created, this user is as limited as possible, granting only the minimum privileges needed for logs. The following grant restrictions are applied to an eeLogs user:

•Deny access to this computer from the network

•Deny log on locally

•Deny log on through Remote Desktop Services