security logs permissions
It is well known that access to the security log (event viewer) is restricted by design only for Administrators [Http://technet.microsoft.com/en-us/library/cc775525(WS.10).Aspx]. In the case of Active Directory Controllers this is valid for Administrator and Domain Admins. Therefore I asked whether anyone knows if there is a hotfix, workaround, etc., to give a user (who does not belong to the Administrators group) read access (minimal permissions) to the security log in the event viewer.

Thanks in advance.
G.D.Pachello
September 22nd, 2010 2:21pm

How to set event log security locally or by using Group Policy in Windows Server 2003 http://support.microsoft.com/kb/323076
September 22nd, 2010 2:43pm

Hi matrixx016. Thank you for your answer!!! Regards. G.D.Pachello.
September 22nd, 2010 3:18pm

Hi there,

I'm having problems with allowing a domain user to read the security event log on the DCs on a 2008 domain. It seems this is somewhat different to a 2003 DC. I've read loads of articles about it, but I just can't get it to work from a C# application.

I have set up a user (called readonly) which is a completely standard user, then I've added this user to the Event Log Readers group. I have then added the following SDDL string to the Log Access entry under the Security section of the Event Log Service, as described here:

    O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;BO)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x3;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x2;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)

The last part of it uses the SID of the Event Log Readers group (S-1-5-32-573). I've rebooted but still I'm unable to access the event log from my C# application - I get a permission denied error. I can access it fine from the Event Viewer running on my machine (Win7) and connecting to the DC.

My C# code is quite straightforward I think:

    // ConnectionOptions, ManagementScope and ImpersonationLevel come from System.Management
    ConnectionOptions co = new ConnectionOptions();

    // Use explicit domain credentials only when a user name was supplied
    if (DomainUserName != null && DomainUserName != string.Empty)
    {
        co.Username = DomainUserName;
        co.Password = DomainUserPassword;
        co.Impersonation = ImpersonationLevel.Impersonate;
    }

    // Connect to the WMI namespace on the domain controller
    ManagementScope scope = new ManagementScope(@"\\" + DomainControllerName + @"\root\cimv2", co);
    scope.Connect();

Could you tell me what I need to do to be able to read the security log on a 2008 DC from C#?

Many thanks
November 30th, 2010 6:25pm
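
The Log Access SDDL string quoted in the post above can be checked before it is deployed. The following Python sketch is an added example, not code from the thread: it decodes each ACE and lists which trustees end up with read, write or clear rights on the log. The access-mask bits (0x1 read, 0x2 write, 0x4 clear) are the ones given in KB 323076 linked earlier; the trustee names are the standard well-known SID names, and the function names are this example's own.

```python
import re

# Event-log access-mask bits (as documented in Microsoft KB 323076).
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Well-known names for the SDDL aliases and SIDs used in the posted string.
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "BO": "Backup Operators", "SO": "Server Operators",
    "IU": "Interactive users", "SU": "Service logon users",
    "S-1-5-3": "Batch", "S-1-5-33": "Write Restricted",
    "S-1-5-32-573": "Event Log Readers",
}
ACE_TYPES = {"A": "allow", "D": "deny"}

# The Log Access value quoted in the post above.
POSTED_SDDL = ("O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;BO)"
               "(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x3;;;SU)(A;;0x1;;;S-1-5-3)"
               "(A;;0x2;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)")

def parse_event_log_sddl(sddl):
    """Return (owner, group, aces) for an O:/G:/D: SDDL string with hex masks."""
    m = re.fullmatch(r"O:([\w-]+?)G:([\w-]+?)D:([A-Z]*)((?:\([^()]*\))*)", sddl.strip())
    if not m:
        raise ValueError("unsupported or malformed SDDL")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(4)):
        fields = body.split(";")  # type;flags;rights;object;inherit-object;sid
        if len(fields) != 6 or fields[0] not in ACE_TYPES:
            raise ValueError("unsupported ACE: (%s)" % body)
        mask = int(fields[2], 16)  # ValueError on symbolic rights such as "GA"
        aces.append({
            "type": ACE_TYPES[fields[0]], "sid": fields[5],
            "name": TRUSTEES.get(fields[5], "unknown trustee"),
            "mask": mask, "rights": [n for bit, n in RIGHTS.items() if mask & bit],
        })
    return m.group(1), m.group(2), aces

def trustees_with(sddl, right):
    """SIDs that an allow ACE grants `right` and no deny ACE names for it."""
    # Simplification: deny is matched per SID; group membership is not resolved.
    aces = parse_event_log_sddl(sddl)[2]
    denied = {a["sid"] for a in aces if a["type"] == "deny" and right in a["rights"]}
    return [a["sid"] for a in aces
            if a["type"] == "allow" and right in a["rights"] and a["sid"] not in denied]

if __name__ == "__main__":
    for ace in parse_event_log_sddl(POSTED_SDDL)[2]:
        print("%-5s %-13s %-24s 0x%-6x %s" % (ace["type"], ace["sid"], ace["name"],
                                              ace["mask"], ",".join(ace["rights"])))
```

Run against the posted string, it shows that read access is not limited to Event Log Readers: interactive, service and batch logons are granted 0x1 as well, which is worth reviewing when the target is the Security log.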
