Thanks. I took a look at the article and oddly enough, I don't have any of those settings in the local group policy on my win2k3 enterprise member server.
Also, I take it there is no group policy to block read access to the app and system log on a win2k server? Finally, does anyone know what the default acl is on the system,app,dns,directory services,etc logs in win2000? what user groups can read a remote event log in the local and remote domains? thanks alot [EMAIL PROTECTED] wrote: > Hey Tom... > > In W2k3, you can set the rights... > > http://support.microsoft.com/default.aspx?scid=kb;en-us;323076 > > On 2000, and 2003 there is a policy setting in the local user rights > assingments "manage auditing and security log" Which can be set to a > global group. However, you have to be careful with this. Some > things have to apparently access the log and might not have the > rights. I"m going to guess SP's would, along with other weird > problems you might experience. We tried it on XP boxes here so that > security was the only ones that could access it, and found out we > couldn't run system restore, and apply some patches without being in > the group. We ended up setting it back to the default on the clients. > > John > > > > > > "Kern, Tom" > <[EMAIL PROTECTED] >> To > Sent by: "ActiveDir (E-mail)" > [EMAIL PROTECTED] <ActiveDir@mail.activedir.org> > ail.activedir.org > cc > > > Subject 04/07/2005 11:20 [ActiveDir] event > viewer access AM > > > Please respond to > [EMAIL PROTECTED] > tivedir.org > > > > > > > In an AD forest, every domain admin can view the event logs(except > security) on all servers/dc's in every domain in the forest. > My question is, how can you prevent a domain admin(who is not an > enterprise admin) from viewing the event logs on a server/dc not in > his/her domain? thanks > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/