Granting permissions to security logs

Archived from groups: microsoft.public.win2000.security (More info?)

Does anyone know how to grant access to a Windows 2000 server AD Domain
controller security log - without giving the users the right to purge, etc?
  1.

    So you have a couple of choices; the one with the most security is that you
    dump the log (in either EVT or TXT format) and then give it to the person
    to review offline. The EVT file will only show SIDs for users and objects
    if the computer viewing the files does not have access to your domain (this
    translation is done by Event Viewer on the fly). If you dump in TXT format
    it dumps the friendly names.

    Second option is to grant the user the right to "Manage auditing
    and security log". This lets them do what they want in terms of viewing but
    they can also delete, which you don't want; these roles are not separable, so
    if you get read you get edit as well as other rights.

    For 2003 this gets much easier (sort of) as you can use SDDL to grant only
    read access:
    323076 How to set event log security locally or by using Group Policy in
    http://support.microsoft.com/?id=323076

    --
    Curtis Koenig
    Security Support Engineer
    Product Support Services, Security Team
    MCSE, MCSES, CISSP

    This posting is provided "AS IS" with no warranties and confers no rights.
    Please reply to the newsgroup so that others may benefit. Thanks!

    --------------------
    >From: "pigskin" <pigskin@discussions.microsoft.com>
    >Subject: Granting permissions to security logs
    >Date: Tue, 22 Feb 2005 11:03:02 -0800
    >
    >Does anyone know how to grant access to a Windows 2000 server AD Domain
    >controller security log - without giving the users the right to purge, etc?
    >
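The reply above points to SDDL as the way to grant read-only access on Windows Server 2003. The following is an added example, not code from the thread or from KB 323076: it decodes an event log security descriptor, appends a read-only ACE, and lists which trustees can still clear the log. The access bits (0x1 read, 0x2 write, 0x4 clear) are the event log rights used in the SDDL rights field; the sample descriptor and the reviewer SID are constructed values.

```python
import re

# Event log access bits as they appear in the SDDL rights field
READ, WRITE, CLEAR = 0x1, 0x2, 0x4

def parse_dacl(sddl):
    """Return [(ace_type, mask, trustee), ...] for the DACL of an SDDL string."""
    if "D:" not in sddl:
        raise ValueError("no DACL in descriptor")
    # Drop owner/group before "D:" and any SACL after "S:"
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl):
        fields = body.split(";")
        # Only hex rights are handled; letter forms such as "GA" are rejected
        if len(fields) != 6 or not fields[2].lower().startswith("0x"):
            raise ValueError("unsupported ACE: (%s)" % body)
        aces.append((fields[0], int(fields[2], 16), fields[5]))
    return aces

def trustees_allowed(sddl, bit):
    """Trustees holding an allow ACE that includes the given access bit."""
    return [t for kind, mask, t in parse_dacl(sddl) if kind == "A" and mask & bit]

def add_read_only(sddl, sid):
    """Append an allow ACE granting only READ (0x1) to the given SID."""
    if "S:" in sddl.split("D:", 1)[1]:
        raise ValueError("SACL present; insert the ACE before it by hand")
    return sddl + "(A;;0x%x;;;%s)" % (READ, sid)

# Constructed sample values, not taken from a real system
SAMPLE_SD = "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)"
REVIEWER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"

if __name__ == "__main__":
    new_sd = add_read_only(SAMPLE_SD, REVIEWER_SID)
    print(new_sd)
    print("read :", trustees_allowed(new_sd, READ))
    print("clear:", trustees_allowed(new_sd, CLEAR))
```

The listing reports allow ACEs only; effective access for a given account also depends on its group memberships and on the deny ACEs that precede them.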
  2.

    Thanks. We ended up granting the manage and audit security log via group
    policy. However, we did some testing and no one with OU admin only privs was
    able to delete or modify the logs. They could save a copy to their hard drive
    but that was it. Otherwise it said access was denied if they tried deleting
    the logs.
