Could you not just setup a job to copy the security.evtx file to somewhere else and let them access that?
On Thu, Oct 28, 2010 at 2:48 AM, James Rankin <kz2...@googlemail.com> wrote: > Can you control this by NTFS access to the .evt file itself? > > > > On 27 October 2010 16:31, Ziots, Edward <ezi...@lifespan.org> wrote: > >> Running a Windows 2008 R2 DFL/FFL domain, security team needs a service >> account to have read only access to the Security Eventlog accordingly. Is >> there a way via the Default Domain Controllers Policy to Grant this, or >> maybe a users right in Windows 2008 R2 accordingly? >> >> >> >> Z >> >> >> >> Edward E. Ziots >> >> CISSP, Network +, Security + >> >> Network Engineer >> >> Lifespan Organization >> >> Email:ezi...@lifespan.org <email%3aezi...@lifespan.org> >> >> Cell:401-639-3505 >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin