security logs permissions
It is well known that access to the security log (event viewer) is restricted by design only for Administrators
[Http://technet.microsoft.com/en-us/library/cc775525(WS.10).Aspx].
In the case of Active Directory Controllers this is valid for Administrator and Domain Admins.
Therefore I asked whether anyone knows if there is a hotfix, workaround, etc,
to give a user (who does not belong to the Administrators group) read access (minimal permissions)
to the security log in the event viewer.
Thanks in advance.
G.D.Pachello
September 22nd, 2010 2:21pm
How to set event log security locally or by using Group Policy in Windows Server 2003
http://support.microsoft.com/kb/323076
September 22nd, 2010 2:43pm
Hi matrixx016.
Thank you for your answer!!!
Regards.
G.D.Pachello.
September 22nd, 2010 3:18pm
Hi there,
I'm having problems with allowing a domain user to read the security event log on the DCs on a 2008 domain. It seems this is somewhat different to a 2003 DC. I've read loads of articles about it, but I just can't get it to work from a C# application.
I have set up a user (called readonly) which is a completely standard user, then I've added this user to the Event Log Readers group.
I have then added the following SDDL string to the Log Access entry under the Security section of the Event Log Service, as described here:
O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;BO)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x3;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x2;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
The last part of it uses the SID of the Event Log Readers group (S-1-5-32-573). I've rebooted but still I'm unable to access the event log from my C# application - I get a permission denied error. I can access it fine from the Event Viewer running on my machine (Win7) and connecting to the DC.
My C# code is quite straightforward I think:
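using System.Management;

// Connection options for the remote WMI connection
ConnectionOptions co = new ConnectionOptions();
if (DomainUserName != null && DomainUserName != string.Empty)
{
    // Use the explicit domain credentials when they are supplied
    co.Username = DomainUserName;
    co.Password = DomainUserPassword;
    co.Impersonation = ImpersonationLevel.Impersonate;
}
// Connect to the root\cimv2 WMI namespace on the domain controller
ManagementScope scope = new ManagementScope(@"\\" + DomainControllerName + @"\root\cimv2", co);
scope.Connect();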
Could you tell me what I need to do to be able to read the security log on a 2008 DC from C#?
Many thanks
November 30th, 2010 6:25pm
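
To review what an event log SDDL string like the one posted above actually grants, the following is an added example (not code from any poster in this thread) that splits the string into ACEs and decodes each access mask using the event log rights from KB323076 (0x1 read, 0x2 write, 0x4 clear). The function names and the trustee display names are this example's own choices; it is written in Python so the string can be checked offline on any workstation.

```python
import re

# Event log access rights as given in KB323076: 0x1 read, 0x2 write, 0x4 clear.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Well-known SDDL aliases and SIDs that occur in the posted string.
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "BO": "Backup Operators", "SO": "Server Operators",
    "IU": "Interactive logon users", "SU": "Service logon users",
    "S-1-5-3": "Batch logon users", "S-1-5-33": "Write-restricted code",
    "S-1-5-32-573": "Event Log Readers",
}
# Sample input: the SDDL string exactly as posted in the thread above.
POSTED_SDDL = ("O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;BO)(A;;0x5;;;SO)"
               "(A;;0x1;;;IU)(A;;0x3;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x2;;;S-1-5-33)"
               "(A;;0x1;;;S-1-5-32-573)")

def parse_log_sddl(sddl):
    """Return (owner, group, aces) for an O:/G:/D: event log descriptor."""
    m = re.match(r"O:(.+?)G:(.+?)D:([A-Z]*)(\(.*\))$", sddl.strip())
    if not m:
        raise ValueError("not an O:/G:/D: security descriptor")
    owner, group, _dacl_flags, body = m.groups()
    aces = []
    for raw in re.findall(r"\(([^()]*)\)", body):
        fields = raw.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % raw)
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields
        mask = int(rights, 16)  # base 16 accepts the 0x prefix
        aces.append({
            "type": {"A": "allow", "D": "deny"}.get(ace_type, ace_type),
            "sid": sid,
            "trustee": TRUSTEES.get(sid, sid),  # unknown SIDs stay as-is
            "mask": mask,
            "rights": [name for bit, name in RIGHTS.items() if mask & bit],
        })
    return owner, group, aces

def trustees_with(aces, right):
    """Trustees granted `right` by an allow ACE (deny ACEs are not evaluated)."""
    return [a["trustee"] for a in aces
            if a["type"] == "allow" and right in a["rights"]]

if __name__ == "__main__":
    _owner, _group, parsed = parse_log_sddl(POSTED_SDDL)
    for ace in parsed:
        print("%-6s %-26s 0x%-6x %s" % (ace["type"], ace["trustee"],
                                        ace["mask"], ",".join(ace["rights"])))
    print("can clear:", trustees_with(parsed, "clear"))
```

Decoded this way, the posted string grants read to the Event Log Readers group and also to interactive, service and batch logons, which is worth checking against the intended minimal permissions before deploying it through Group Policy.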