The event log is easy, just a GPO: Create a new policy at the "Domain Controllers"-OU. Then navigate to CompConf\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ "Manage audit and security log" and "Generate security audit"
You can also take a look at this for more granular control: http://support.microsoft.com/kb/323076

Christopher Bodnar
Technical Support III, Distributed Systems Service Delivery - Intel Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com

From: David Lum <[email protected]>
To: "NT System Admin Issues" <[email protected]>
Date: 01/20/2012 09:57 AM
Subject: I should know this, but..

How do you monitor running services and event logs on a domain controller w/out the account being a domain admin? DC’s in question are 2003.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
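A way to verify the result of the GPO described in the reply, as an added example that is not part of the original thread: it exports the effective user rights on the domain controller with `secedit` and lists who holds the two rights, which are stored as `SeSecurityPrivilege` and `SeAuditPrivilege`. The `$expected` list is an assumption; add the SID of your own monitoring account to it.

```powershell
# Added example: list the principals holding the two user rights on this DC.
# Run elevated on the domain controller after the GPO has applied.
$rights = @{
    'SeSecurityPrivilege' = 'Manage auditing and security log'
    'SeAuditPrivilege'    = 'Generate security audits'
}
# Assumption: SIDs expected to hold these rights; extend with your monitoring account.
$expected = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-19',      # LOCAL SERVICE
    'S-1-5-20'       # NETWORK SERVICE
)

$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$results = foreach ($line in Get-Content $cfg) {
    # Lines look like: SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-...
    if ($line -match '^\s*(\w+)\s*=\s*(.*)$' -and $rights.ContainsKey($Matches[1])) {
        $right = $Matches[1]
        foreach ($entry in $Matches[2].Split(',')) {
            $id = $entry.Trim().TrimStart('*')
            if (-not $id) { continue }
            # Entries prefixed with '*' are SIDs; translate them to names where possible.
            $name = $id
            if ($id -like 'S-1-*') {
                try {
                    $sid  = New-Object System.Security.Principal.SecurityIdentifier($id)
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch { $name = "$id (unresolved)" }
            }
            New-Object PSObject -Property @{
                Right      = $rights[$right]
                Principal  = $name
                Unexpected = ($expected -notcontains $id)
            }
        }
    }
}
Remove-Item $cfg
$results | Sort-Object Right, Principal |
    Format-Table Right, Principal, Unexpected -AutoSize
```

Any row marked `Unexpected` is worth reviewing, because `SeSecurityPrivilege` allows clearing the Security log as well as reading it.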
