You're not going to have access to copy the eventlogs from a scripting standpoint -- not while the system is running, anyway.
ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...

On Thu, Oct 28, 2010 at 9:32 AM, Cameron <cameron.orl...@gmail.com> wrote:
> Could you not just set up a job to copy the security.evtx file to somewhere
> else and let them access that?
>
> On Thu, Oct 28, 2010 at 2:48 AM, James Rankin <kz2...@googlemail.com> wrote:
>
>> Can you control this by NTFS access to the .evt file itself?
>>
>> On 27 October 2010 16:31, Ziots, Edward <ezi...@lifespan.org> wrote:
>>
>>> Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
>>> account to have read only access to the Security Eventlog accordingly. Is
>>> there a way via the Default Domain Controllers Policy to Grant this, or
>>> maybe a users right in Windows 2008 R2 accordingly?
>>>
>>> Z
>>>
>>> Edward E. Ziots