RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-11-01 Thread Brian Desmond
Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs Ugh, our Information Security team is implementing SSIM right now. I'm not directly involved, other than having to provide upwards of 10TB for expected storage requirements. I just shudder a

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-11-01 Thread Sean Martin
ctober 31, 2010 12:36 AM > > *To:* NT System Admin Issues > *Subject:* RE: Question on Granting service account read access to Domain > Controller Eventlogs > > > > Hi, > > > > We’re implementing SSIM (the Symantec product) and it pulls logs. > Apparently it scales

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-11-01 Thread Free, Bob
: Question on Granting service account read access to Domain Controller Eventlogs Hi, We're implementing SSIM (the Symantec product) and it pulls logs. Apparently it scales... Cheers Ken From: Free, Bob [mailto:r...@pge.com] Sent: Friday, 29 October 2010 11:09 PM To: NT System

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-31 Thread Ken Schaefer
Hi, We're implementing SSIM (the Symantec product) and it pulls logs. Apparently it scales... Cheers Ken From: Free, Bob [mailto:r...@pge.com] Sent: Friday, 29 October 2010 11:09 PM To: NT System Admin Issues Subject: RE: Question on Granting service account read access to Domain Contr

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-29 Thread Free, Bob
approach for WS2008 and above. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, October 29, 2010 4:59 AM To: NT System Admin Issues Subject: RE: Question on Granting service account read access to Domain Controller Eventlogs It has a service that runs as an account that

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-29 Thread Free, Bob
Admin Issues Subject: RE: Question on Granting service account read access to Domain Controller Eventlogs Presumably this product has an agent or uses WinRM or something to read/pull in the logs in real time, back to a central location for correlation. The service account that's being us

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-29 Thread Ziots, Edward
n.org Cell:401-639-3505 From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Friday, October 29, 2010 12:57 AM To: NT System Admin Issues Subject: RE: Question on Granting service account read access to Domain Controller Eventlogs Presumably this product has an agent or uses WinRM or so

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ken Schaefer
y, 29 October 2010 3:06 AM To: NT System Admin Issues Subject: RE: Question on Granting service account read access to Domain Controller Eventlogs If your environment is that big how can they look at multiple DCs in real time and correlate them? Maybe I don't understand your requirements but it

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Free, Bob
r way to do it than to grant access to the logs directly. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, October 28, 2010 6:51 AM To: NT System Admin Issues Subject: RE: Question on Granting service account read access to Domain Controller Eventlogs It's for Vericept, and

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
: Question on Granting service account read access to Domain Controller Eventlogs I had to do this a year or so ago. It's not really too hard. There is a tool that I used to determine what the appropriate SDDL strings were. If I can dig it up today, I'll pass it on. ASB (My Xee

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Andrew S. Baker
You're not going to have access to copy the eventlogs from a scripting standpoint -- not while the system is running, anyway. ASB (My XeeSM Profile) Exploiting Technology for Business Advantage... On Thu, Oct 28, 2010 at 9:32 AM, Cameron wrote: > Could

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Andrew S. Baker
; CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:ezi...@lifespan.org > > Cell:401-639-3505 > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Thursday, October 28, 2010 8:27 AM > > *To:* NT System Ad

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
...@gmail.com] Sent: Thursday, October 28, 2010 9:32 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs Could you not just set up a job to copy the security.evtx file to somewhere else and let them access that? On Thu

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Cameron
Could you not just set up a job to copy the security.evtx file to somewhere else and let them access that? On Thu, Oct 28, 2010 at 2:48 AM, James Rankin wrote: > Can you control this by NTFS access to the .evt file itself? > > > > On 27 October 2010 16:31, Ziots, Edward wrote: > >> Running a

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
tober 2010 9:09 PM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs I would have thought that user right should do it, to be fair On 28 October 2010 13:55, Ziots, Edward wrote: Yep, DC access is strictly limited, especial

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ken Schaefer
min Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs I would have thought that user right should do it, to be fair On 28 October 2010 13:55, Ziots, Edward mailto:ezi...@lifespan.org wrote: Yep, DC access is strictly limited, especia

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, October 28, 2010 9:09 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs I would

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread James Rankin
* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Thursday, October 28, 2010 8:51 AM > > *To:* NT System Admin Issues > *Subject:* Re: Question on Granting service account read access to Domain > Controller Eventlogs > > > > I take it giving the service account admin

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ken Schaefer
t/UAT environments anyway. Link above also has info on SDDL. Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, 28 October 2010 8:48 PM To: NT System Admin Issues Subject: RE: Question on Granting service account read access to Domain Controller Eventlogs Yeah I saw that ar

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
espan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, October 28, 2010 8:51 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs I take it givin

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread James Rankin
lto:kz2...@googlemail.com] > *Sent:* Thursday, October 28, 2010 8:27 AM > > *To:* NT System Admin Issues > *Subject:* Re: Question on Granting service account read access to Domain > Controller Eventlogs > > > > Maybe this? http://support.microsoft.com/kb/323076 > >

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
s Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, October 28, 2010 8:27 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs Maybe this? http://support.microsoft.com/kb/323076 On 27 October 2010 16:31, Ziots, Edwar

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread James Rankin
Maybe this? http://support.microsoft.com/kb/323076 On 27 October 2010 16:31, Ziots, Edward wrote: > Running a Windows 2008 R2 DFL/FFL domain, security team needs a service > account to have read only access to the Security Eventlog accordingly. Is > there a way via the Default Domain Controller

RE: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-28 Thread Ziots, Edward
rsday, October 28, 2010 2:49 AM To: NT System Admin Issues Subject: Re: Question on Granting service account read access to Domain Controller Eventlogs Can you control this by NTFS access to the .evt file itself? On 27 October 2010 16:31, Ziots, Edward wrote: Running a Windows 2008 R2 DF

Re: Question on Granting service account read access to Domain Controller Eventlogs

2010-10-27 Thread James Rankin
Can you control this by NTFS access to the .evt file itself? On 27 October 2010 16:31, Ziots, Edward wrote: > Running a Windows 2008 R2 DFL/FFL domain, security team needs a service > account to have read only access to the Security Eventlog accordingly. Is > there a way via the Default Domai