The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to enable or disable Protected Event Logging in Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

If you want to enable or disable Protected Event Logging in Windows 11 and Windows 10, this step-by-step guide helps you go through the process. However, you must include an Encryption certificate if you want to enable Protected Event Logging in Windows 11/10.

For your information, you can turn this setting on or off with the help of the Local Group Policy Editor and Registry Editor. If you want to use the REGEDIT method, don’t forget to backup Registry files first.

Enable or disable Protected Event Logging using Group Policy

To enable or disable Protected Event Logging in Windows 11/10 using Group Policy, follow these steps:

  1. Press Win+R to open the Run prompt.
  2. Type mscand hit the Enter button.
  3. Navigate to Event Logging in Computer Configuration.
  4. Double-click on the Enable Protected Event Logging 
  5. Choose the Enabled option.
  6. Enter the encryption certificate.
  7. Click the OK button.

To learn more about these steps, continue reading.

To get started, you need to open the Local Group Policy Editor first. For that, press Win+R to open the Run prompt, type gpedit.msc, and hit the Enter button.

Once it is opened on your screen, navigate to the following path:

Computer Configuration > Administrative Templates > Windows Components > Event Logging

Here you can find a setting called Enable Protected Event Logging on the right-hand side. You need to double-click on this setting and choose the Enabled option.

How to enable or disable Protected Event Logging in Windows 11/10

Then, enter the encryption key in the respective box and click the OK button.

After that, your log data will be encrypted. In case you want to disable or turn off Protected Event Logging in Windows 11/10, you need to open the same setting in the Local Group Policy Editor and choose the Disabled or Not Configured option.

Read: Event Log Manager & Event Log Explorer software.

Turn on or off Protected Event Logging using Registry

To turn on or off Protected Event Logging in Windows 11/10 using Registry, follow these steps:

  1. Press Win+R to display the Run prompt.
  2. Type regedit > press the Enter button > click the Yes 
  3. Navigate to Windows in HKLM.
  4. Right-click on Windows > New > Key.
  5. Name it as EventLog.
  6. Right-click on EventLog > New > Key.
  7. Name it as ProtectedEventLogging.
  8. Right-click on ProtectedEventLogging > New > DWORD (32-bit) Value.
  9. Set the name as EnableProtectedEventLogging.
  10. Double-click on it to set the Value data as 1.
  11. Right-click on ProtectedEventLogging > New > Multi-String Value.
  12. Name it as EncryptionCertificate.
  13. Double-click on it to enter the encryption certificate.
  14. Click the OK button.
  15. Reboot your computer.

Let’s check out these steps in detail.

At first, you need to open the Registry Editor on your computer. For that, press Win+R to display the Run dialog > type regedit > hit the Enter button and click on the Yes option.

Once it is opened, navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

Right-click on Windows > New > Key and name it as EventLog. Then, right-click on the EventLog key > New > Key and set the name as ProtectedEventLogging.

How to enable or disable Protected Event Logging in Windows 11/10

Here you need to create one REG_DWORD value and one Multi-String Value. For that, right-click on the ProtectedEventLogging key > New >REG_DWORD value and enter the name as EnableProtectedEventLogging.

Double-click on it to set the Value data as 1 and click the OK button.

How to enable or disable Protected Event Logging in Windows 11/10

Then, right-click on the ProtectedEventLogging key > New > Multi-String Value and set the name as EncryptionCertificate.

Double-click on it to enter the encryption certificate.

Once done, click the OK button and reboot your computer.

If you want to turn off Protected Event Logging using Registry Editor, you need to delete the REG_DWORD value and Multi-String Value.

TIP: Windows Event Viewer Plus is a portable freeware app that lets you view Event Logs faster than the default in-built Windows Event Viewer and also export the Entry to a text file, select the Web Search Button to look up the entry online, to find out more information or troubleshoot errors.

How do I change Event Viewer settings?

You can change the Event Viewer settings for a particular log file by opening its properties. Right-click on the log file you want to change the Event Viewer settings for and select properties. Now, in the properties window, you can change the maximum log size, overwrite events, clear the log manually, etc.

What are the five types of Event Logs?

For your information, there are five different types of Event Logs – Information, Error, Success Audit, Warning, and Failure Audit. You can encrypt all kinds of Event Logs with the help of the aforementioned tutorials. You can follow the REGEDIT or the GPEDIT method to get the job done.

That’s all! Hope this guide helped.

Read: How to clear the Event Log in Windows.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.