[ActiveDir] MACS

[Rich Milburn]

Title: Windows 2000 Security Log Rights

Sounds like MACS does some things certain unnamed products do at a much higher fee.  It’d be nice to do some testing and evaluation of it to be ready to go live when the SP1 comes out – is there a beta/preview of it for lab testing?  SP1 is not due for some time yet, right? Rich   From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 2:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2000 Security Log Rights   possible, but not without leaving tracks, as MACS will 1.  Detect gaps in the data transmitted from the agent to the collector (which is usually a different machine) and alerts the auditor 2.  Signs and encrypts communication between the agent and the collector to ensure that information that is received has not been tampered with 3.  Disallows local editing of agent configuration as by default the configuration of the agent can only be modified by the collector   /Guido   From: Joe [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 8. Januar 2004 03:01 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2000 Security Log Rights But in the meanwhile, if you grant access to the security logs the person with the access can also clear the security log or write security log entries.     joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1) Sent: Wednesday, January 07, 2004 5:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2000 Security Log Rights That's where something like MACS comes in (MS Audit Collector Service) - should be available shortly after SP1 for 2003 (but will also collect security logs from 2000 machines).  You auditor will then be able to access all collected security event logs from a central database (makes analysis much easier as well). And you don't need to grant them any special rights either.   /Guido   From: Burkes, Jeremy [contractor] [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 7. Januar 2004 18:14 To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows 2000 Security Log Rights Okay everyone probably a stupid question but here it goes.  We have a user who has some rights to domain controllers but not full administrative rights.  We want this user to be able to view only the security log.  Is there a way to provide just view only rights to the security log.  I am assuming this is not possible since it would be in the same section where you find managing auditing and security log in group policy under computer configuration\windows settings\security settings\local policies\user right assignments.  But I just wanted to check to see if you guys knew anything different.  TIA. Jeremy -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.