In a Windows Server 2003-Based domain, if a domain user is also a local administrator, the domain user may be able to access and view security logs. This behavior occurs even if the domain user does not have the Manage auditing and security log
This issue occurs because of behavior that occurs when a member of the local administrators group runs the Event Viewer Microsoft Management Console (MMC) snap-in. In Windows Server 2003, not all actions are performed under the context of the user who runs the process. Some actions that are performed by event viewer run under the context of the SYSTEM account. These actions that run under the context of the SYSTEM account cause the issue.Note
This behavior changes if you run Event Viewer by using a user account that is not a member of the local administrators group.
No resolution currently exists for this behavior.