You can set the SDDL using a GPO: 
http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx

And testing something before implementing it is what IT admins do. You'd have 
to test and implement this first in your Dev/Test/UAT environments anyway.

Link above also has info on SDDL.

Cheers
Ken

From: Ziots, Edward [mailto:[email protected]]
Sent: Thursday, 28 October 2010 8:48 PM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

Yeah, I saw that article; problem is one screw-up and you could waste the 
eventlogs on all the DCs, and the DCs are in production. I'd rather not have to 
play around trying to calculate the codes for SDDL and stuff. With as many 
DCs as I have, I'd have to update the .INF file, register it, on all the DCs, 
and I'd have to do this in a test environment first to verify it works before 
doing change management in production.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: James Rankin [mailto:[email protected]]
Sent: Thursday, October 28, 2010 8:27 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

Maybe this? http://support.microsoft.com/kb/323076

On 27 October 2010 16:31, Ziots, Edward <[email protected]> wrote:
Running a Windows 2008 R2 DFL/FFL domain, security team needs a service account 
to have read-only access to the Security Eventlog accordingly. Is there a way 
via the Default Domain Controllers Policy to grant this, or maybe a user right 
in Windows 2008 R2 accordingly?

Z
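
An added example, not part of the thread: one way to produce the SDDL string discussed above without hand-calculating it, by parsing the Security log's current descriptor and appending a single read-only ACE for the service account. It only prints the result and changes nothing. Assumptions: the account name `CONTOSO\svc-eventread` is a placeholder, the read mask `0x1` is the event log read right described in KB 323076, and the script is run from an elevated prompt on a test machine.

```powershell
# Added example: compute the Security-log SDDL with one extra read-only ACE.
# Prints the old and new strings; nothing is written to the log configuration.
$account  = 'CONTOSO\svc-eventread'   # hypothetical service account name
$readMask = 0x1                       # event log read right (KB 323076)

# SDDL ACEs carry SIDs, not names, so resolve the account first.
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Current descriptor of the Security channel as reported by wevtutil.
$current = wevtutil gl Security | ForEach-Object {
    if ($_ -match '^\s*channelAccess:\s*(\S+)') { $Matches[1] }
}
if (-not $current) { throw 'channelAccess not found in wevtutil output' }

# Parse the string; a malformed descriptor throws here, not on a DC.
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($current)

# Skip the change if the account already holds an allow ACE with read.
$existing = $sd.DiscretionaryAcl | Where-Object {
    $_.SecurityIdentifier.Value -eq $sid.Value -and
    $_.AceQualifier -eq 'AccessAllowed' -and
    ($_.AccessMask -band $readMask)
}

if (-not $existing) {
    $ace = New-Object System.Security.AccessControl.CommonAce(
        [System.Security.AccessControl.AceFlags]::None,
        [System.Security.AccessControl.AceQualifier]::AccessAllowed,
        $readMask, $sid, $false, $null)
    # Append to the DACL itself, so a trailing SACL section is not touched.
    $sd.DiscretionaryAcl.InsertAce($sd.DiscretionaryAcl.Count, $ace)
}

$new = $sd.GetSddlForm(
    [System.Security.AccessControl.AccessControlSections]::All)

# Re-parse the output as a final sanity check before it goes into a GPO.
$null = New-Object System.Security.AccessControl.RawSecurityDescriptor($new)

"Current: $current"
"New    : $new"
```

The rendered string may spell access masks differently from the input, so compare the two as parsed descriptors rather than as text before putting the new value through change management.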


