Chris- Why not export the EVT files from each server to a big folder and let them read them on their machines?
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, September 03, 2009 10:27 AM To: NT System Admin Issues Subject: Access to Event Logs for Auditors Got an internal group of auditors that needs access to servers for investigations, but only read access. This is one of the items they need. If I make them a member of the Remote Desktop Users group, and they log on to the server through RDP, they can view all of the event logs except Security. If they try to view the event logs remotely (Event Viewer->Connect to another computer) they can only see the IE log, everything else is Access Denied. Does anyone know why there is a difference? I am aware of how to modify access by tweaking the SDDL string: http://support.microsoft.com/kb/323076 But I don't think that is the issue here. Anyone run into this before? By the way if anyone is interested, this is a great primer on SDDL. I was totally unaware of this until 2 days ago. http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx Thanks Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com> Phone: 610-807-6459 Fax: 610-807-6003 ________________________________ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~