Cool appreciate it.
Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, October 28, 2010 10:19 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs I had to do this a year or so ago. It's not really too hard. There is a tool that I used to determine what the appropriate SDDL strings were. If I can dig it up today, I'll pass it on. ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... On Thu, Oct 28, 2010 at 8:47 AM, Ziots, Edward <ezi...@lifespan.org> wrote: Yeah I saw that article, problem is one screw up and you could waste the eventlogs on all the DC's and the DC's are in production, I rather not have to play around trying to calculate the codes for SDDL and stuff. With as many DC's as I have Id have to update the .INF file, register it, on all the DC's and Id have to do this in a test environment first to verify it works before doing change management in production. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> Cell:401-639-3505 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, October 28, 2010 8:27 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs Maybe this? http://support.microsoft.com/kb/323076 On 27 October 2010 16:31, Ziots, Edward <ezi...@lifespan.org> wrote: Running a Windows 2008 R2 DFL/FFL domain, security team needs a service account to have read only access to the Security Eventlog accordingly. Is there a way via the Default Domain Controllers Policy to Grant this, or maybe a users right in Windows 2008 R2 accordingly? Z Edward E. Ziots ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin