Granting permissions to security logs

Guest
Archived from groups: microsoft.public.win2000.security

Does anyone know how to grant access to a Windows 2000 server AD Domain
controller security log - without giving the users the right to purge, etc?
 
Guest

So you have a couple of choices. The one with the most security is that you
dump the log (in either EVT or TXT format) and then give it to the person
to review offline. The EVT file will only show SIDs for users and objects
if the computer viewing the files does not have access to your domain (this
translation is done by Event Viewer on the fly). If you dump in TXT format
it dumps the friendly names.

The second option is to grant the user the right to "Manage auditing
and security log". This lets them do what they want in terms of viewing, but
they can also delete, which you don't want. These roles are not separable, so
if you get read you get edit as well as other rights.

For 2003 this gets much easier (sort of) as you can use SDDL to grant only
read access:
323076 How to set event log security locally or by using Group Policy in
http://support.microsoft.com/?id=323076

--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
>From: "pigskin" <pigskin@discussions.microsoft.com>
>Subject: Granting permissions to security logs
>Date: Tue, 22 Feb 2005 11:03:02 -0800
>
>Does anyone know how to grant access to a Windows 2000 server AD Domain
>controller security log - without giving the users the right to purge, etc?
>
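An added example, not part of the original thread: a small Python audit of an event-log SDDL string that lists who can clear the log and appends a read-only ACE, which is the Windows Server 2003 approach the reply above points to. It assumes hex access masks with the bit meanings given in KB 323076 (0x1 read, 0x2 write, 0x4 clear); the sample SDDL and the auditor SID are constructed for illustration.

```python
import re

# Event-log access bits as listed in KB 323076 (assumption: not quoted on this page).
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# "D:" + optional DACL flags + one or more parenthesised ACEs.
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")

# Constructed sample values, for illustration only.
SAMPLE = "O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)"
AUDITOR_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"


def parse_dacl(sddl):
    """Return (ace_type, mask, trustee) for every ACE in the DACL."""
    m = DACL_RE.search(sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: " + body)
        # Only hex masks are handled; letter rights such as "GA" raise ValueError.
        aces.append((fields[0], int(fields[2], 16), fields[5]))
    return aces


def granted(sddl):
    """Map trustee -> rights named in its allow ACEs.

    Simplification: deny ACEs and group membership are not evaluated.
    """
    masks = {}
    for ace_type, mask, trustee in parse_dacl(sddl):
        if ace_type == "A":
            masks[trustee] = masks.get(trustee, 0) | mask
    return {t: {name for bit, name in RIGHTS.items() if m & bit}
            for t, m in masks.items()}


def can_clear(sddl):
    """Trustees whose allow ACEs include the clear bit (0x4)."""
    return sorted(t for t, r in granted(sddl).items() if "clear" in r)


def add_reader(sddl, sid):
    """Return the SDDL with a read-only (0x1) allow ACE for sid appended to the DACL."""
    m = DACL_RE.search(sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    return sddl[:m.end()] + "(A;;0x1;;;%s)" % sid + sddl[m.end():]
```

Running `can_clear` on the string before and after `add_reader` confirms that the new ACE adds a reader without widening who can purge the log.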
 
Guest

Thanks. We ended up granting the manage and audit security log via group
policy. However, we did some testing and no one with OU admin only privs was
able to delete or modify the logs. They could save a copy to their hard drive
but that was it. Otherwise it said access was denied if they tried deleting
the logs.
