That option enables the user to manage the logs - including clearing events. If read access only is required, then using the "log access" GPO setting is preferable.
Cheers
Ken

From: James Rankin [mailto:[email protected]]
Sent: Thursday, 28 October 2010 9:09 PM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs

I would have thought that user right should do it, to be fair

On 28 October 2010 13:55, Ziots, Edward <[email protected]> wrote:

Yep, DC access is strictly limited, especially with the new Win2k8R2 Domain. If Manage Audit and Security Logs user right along with EventLog Readers group access doesn't cut it for them, then ohh well.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

From: James Rankin [mailto:[email protected]]
Sent: Thursday, October 28, 2010 8:51 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs

I take it giving the service account admin access to the DCs is a big no-no as well :-) or, I suppose, rather defeats the object

On 28 October 2010 13:47, Ziots, Edward <[email protected]> wrote:

Yeah I saw that article, problem is one screw up and you could waste the eventlogs on all the DC's and the DC's are in production, I'd rather not have to play around trying to calculate the codes for SDDL and stuff. With as many DC's as I have I'd have to update the .INF file, register it, on all the DC's and I'd have to do this in a test environment first to verify it works before doing change management in production.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

From: James Rankin [mailto:[email protected]]
Sent: Thursday, October 28, 2010 8:27 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs

Maybe this?

http://support.microsoft.com/kb/323076

On 27 October 2010 16:31, Ziots, Edward <[email protected]> wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service account to have read only access to the Security Eventlog accordingly. Is there a way via the Default Domain Controllers Policy to Grant this, or maybe a users right in Windows 2008 R2 accordingly?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
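Added example, not part of the original thread: a pre-deployment check for the SDDL route from KB 323076 that the thread worries about, confirming that a proposed Security log descriptor keeps every existing ACE and adds only a read ACE for the service account. The sample SDDL string, the service account SID and the function names are constructed for illustration; the access bits (0x1 read, 0x2 write, 0x4 clear) are the ones listed in the KB article.

```python
import re

READ, WRITE, CLEAR = 0x1, 0x2, 0x4   # event-log access bits listed in KB 323076

# Constructed sample descriptor: SYSTEM, Administrators, and
# S-1-5-32-573 (BUILTIN\Event Log Readers) with read access.
SAMPLE_SDDL = "O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)"
# Constructed (hypothetical) SID for the security team's service account.
SVC_SID = "S-1-5-21-1111111111-2222222222-3333333333-1601"

def parse_dacl(sddl):
    """Return the DACL of an event-log SDDL string as [(type, mask, trustee)]."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        f = body.split(";")
        # Assumption: rights are written as hex masks, as in the KB examples.
        if len(f) < 6 or not f[2].lower().startswith("0x"):
            raise ValueError("unsupported ACE: (%s)" % body)
        aces.append((f[0], int(f[2], 16), f[5]))
    return aces

def review_change(current, proposed, svc_sid):
    """List reasons the proposed SDDL is not a pure read-only grant to svc_sid."""
    old, new = parse_dacl(current), parse_dacl(proposed)
    problems = []
    for ace in old:
        if ace not in new:
            problems.append("existing ACE lost or altered: %s" % (ace,))
    added = [a for a in new if a not in old]
    if len(added) != 1:
        problems.append("expected exactly 1 new ACE, found %d" % len(added))
    for ace_type, mask, trustee in added:
        if trustee != svc_sid:
            problems.append("new ACE names unexpected trustee %s" % trustee)
        elif ace_type != "A" or mask != READ:
            problems.append("service account ACE is not allow/read-only "
                            "(type=%s mask=%#x)" % (ace_type, mask))
    return problems
```

An empty list from review_change means the proposed string differs from the current one only by the read ACE; anything else should stop the change before it reaches a production DC.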
