Managing audit and security log right

jp

Apr 1, 2004
Archived from groups: microsoft.public.win2000.group_policy

Windows 2000 PDC
Multiple servers - NT 4, 2000, 2003

When I try to assign the "Managing audit and security log" right to my
network technician, he can view the logs but the option to clear them is
grayed out.

I've tried a local policy on each server, no dice.
I've added him to the Domain Controller Security Policy, and it works fine
there. He can clear the logs on the PDC.

I added him to the Domain Security Policy in hopes it would roll out to the
other machines. (I've manually refreshed with secedit /refreshpolicy
machine_policy) I can see his SID show up under one of the 2000 Servers
Local Security Policy as being effective, but it will not allow his user id
to clear the logs. He can view, but the option to clear is grayed out. His
user id is also part of Domain Users, Account Operators, Server Operators,
and Backup Operators.

I'm fresh out of ideas at the moment. Any suggestions?
 

jp

Apr 1, 2004

Just a follow up to this. I created a test user and added the right to
the user in the Default Domain Policy. I refreshed the policy on the 2000
Server. I can see it as active, and it STILL has the "Clear all events"
option grayed out. There has to be something else needed to allow a user the
ability to clear the event logs without being part of the administrator
group.
It wasn't this difficult in NT4... What else do you need to do in 2000?

"JP" <nospam@please.com> wrote in message
news:FK8Ie.51$Nz4.2867@news.uswest.net...
> Windows 2000 PDC
> Multiple servers - NT 4, 2000, 2003
>
> When I try to assign the "Managing audit and security log" right to my
> network technician, he can view the logs but the option to clear them is
> grayed out.
>
> I've tried a local policy on each server, no dice.
> I've added him to the Domain Controller Security Policy, and it works fine
> there. He can clear the logs on the PDC.
>
> I added him to the Domain Security Policy in hopes it would roll out to
> the other machines. (I've manually refreshed with secedit /refreshpolicy
> machine_policy) I can see his SID show up under one of the 2000 Servers
> Local Security Policy as being effective, but it will not allow his user
> id to clear the logs. He can view, but the option to clear is grayed out.
> His user id is also part of Domain Users, Account Operators, Server
> Operators, and Backup Operators.
>
> I'm fresh out of ideas at the moment. Any suggestions?
>
 

jp

Apr 1, 2004

Ok, when I remove the "Manage auditing and security log" right from my test
user and push it to the 2000 server, I can no longer view the security log.
I can view the application log, but still the clear option is grayed out.
So, it appears the right is being implemented properly, but it's not
functioning as all the Microsoft documentation says it should be.
Everything I read says this right grants the user access to manage and audit
the security log... As I've learned, they mean that quite literally: just
the security log. The other event logs are still able to be viewed, albeit
not cleared. Does anyone know what I need to do to grant a user the right
to clear all event logs for archiving purposes?

Any suggestions would be appreciated.


"JP" <nospam@please.com> wrote in message
news:_a9Ie.52$Nz4.3079@news.uswest.net...
> Just a follow up to this. I created a test user and added the right to
> the user in the Default Domain Policy. I refreshed the policy on the 2000
> Server. I can see it as active, and it STILL has the "Clear all events"
> option grayed out. There has to be something else needed to allow a user the
> ability to clear the event logs without being part of the administrator
> group.
> It wasn't this difficult in NT4... What else do you need to do in 2000?
>
> "JP" <nospam@please.com> wrote in message
> news:FK8Ie.51$Nz4.2867@news.uswest.net...
>> Windows 2000 PDC
>> Multiple servers - NT 4, 2000, 2003
>>
>> When I try to assign the "Managing audit and security log" right to my
>> network technician, he can view the logs but the option to clear them is
>> grayed out.
>>
>> I've tried a local policy on each server, no dice.
>> I've added him to the Domain Controller Security Policy, and it works
>> fine there. He can clear the logs on the PDC.
>>
>> I added him to the Domain Security Policy in hopes it would roll out to
>> the other machines. (I've manually refreshed with secedit /refreshpolicy
>> machine_policy) I can see his SID show up under one of the 2000 Servers
>> Local Security Policy as being effective, but it will not allow his user
>> id to clear the logs. He can view, but the option to clear is grayed
>> out. His user id is also part of Domain Users, Account Operators, Server
>> Operators, and Backup Operators.
>>
>> I'm fresh out of ideas at the moment. Any suggestions?
>>
>
>
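As an added check (not from the thread), a small Python parser for the security template that `secedit /export /cfg <file>` writes, reporting which principals hold SeSecurityPrivilege ("Manage auditing and security log") in the effective local policy, so a refresh like the one described above can be verified from the export instead of by eye. The INF text below is constructed for the example; the SIDs in it are sample values.

```python
import re
from typing import Dict, List

# Constructed sample of the [Privilege Rights] section that
# `secedit /export /cfg policy.inf` produces (real exports are UTF-16 INF
# files with many more sections). Entries prefixed with '*' are SIDs;
# unprefixed entries are account names. SIDs here are sample values.
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-1000-2000-3000-1106
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,Server Operators
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def parse_privilege_rights(inf_text: str) -> Dict[str, List[str]]:
    """Return {privilege: [principal, ...]} from the [Privilege Rights] section."""
    rights: Dict[str, List[str]] = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and INF comments
            continue
        m = SECTION_RE.match(line)
        if m:
            in_section = m.group("name").lower() == "privilege rights"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # An empty value means the right is explicitly assigned to nobody.
        rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights


def holders(inf_text: str, privilege: str) -> List[str]:
    """Principals holding `privilege`, with the '*' SID marker removed."""
    return [p.lstrip("*") for p in parse_privilege_rights(inf_text).get(privilege, [])]


def has_right(inf_text: str, privilege: str, principal: str) -> bool:
    """True if the SID or account name is listed directly for the right.
    Nested group membership is not resolved here."""
    return principal.lstrip("*") in holders(inf_text, privilege)


if __name__ == "__main__":
    for sid in holders(SAMPLE_INF, "SeSecurityPrivilege"):
        print("SeSecurityPrivilege:", sid)
```

A principal listed here holds the right only on the machine the template was exported from; the poster's observation that it covers the Security log alone is not contradicted by its presence in the assignment.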