I had to do this a year or so ago. It's not really too hard. There is a tool that I used to determine what the appropriate SDDL strings were. If I can dig it up today, I'll pass it on.
*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Thu, Oct 28, 2010 at 8:47 AM, Ziots, Edward <ezi...@lifespan.org> wrote: > Yeah I saw that article, problem is one screw up and you could waste the > eventlogs on all the DC’s and the DC’s are in production, I rather not have > to play around trying to calculate the codes for SDDL and stuff. With as > many DC’s as I have Id have to update the .INF file, register it, on all the > DC’s and Id have to do this in a test environment first to verify it works > before doing change management in production. > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:ezi...@lifespan.org <email%3aezi...@lifespan.org> > > Cell:401-639-3505 > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Thursday, October 28, 2010 8:27 AM > > *To:* NT System Admin Issues > *Subject:* Re: Question on Granting service account read access to Domain > Controller Eventlogs > > > > Maybe this? http://support.microsoft.com/kb/323076 > > On 27 October 2010 16:31, Ziots, Edward <ezi...@lifespan.org> wrote: > > Running a Windows 2008 R2 DFL/FFL domain, security team needs a service > account to have read only access to the Security Eventlog accordingly. Is > there a way via the Default Domain Controllers Policy to Grant this, or > maybe a users right in Windows 2008 R2 accordingly? > > > > Z > > > > Edward E. Ziots > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin