Programming NT security log

Posted on 1997-06-23
Last Modified: 2013-12-28
HI,

Does anyone know how to retrieve events logged by the security log file in Windows NT?

I'm programming using the Windows SDK. Are there APIs that I can use to retrieve the information I want from the security log file?

Thanks!
kianbeng

Question by: YamSeng
2 Comments

Accepted Solution

by: moosach (earned 20 total points)
ID: 1779125
Hi,

that shouldn't be a major problem. There are a couple of APIs in the Win32 SDK like OpenEventLog, ReadEventLog and so on.

Check also the MS Knowledge Base article below. It is still valid for NT 4.0.

Regards

Toni

.......................................................................................................

Accessing the Event Logs

PSS ID Number: Q108230
Article last modified on 11-02-1995
PSS database name: WIN32SDK
 
3.10 3.50
 
WINDOWS NT
 

-------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Win32 Application Programming Interface (API) included with:
 
    - Microsoft Windows NT versions 3.1 and 3.5
-------------------------------------------------------------------------
 
SUMMARY
=======
 
Event logs are used to store significant events, such as warnings, errors,
or information. There are five operations that can be performed on event
logs through the event logging application programming interface (API):
backup, clear, query, read, and write.
 
The default event logs are the Application event log, the Security event
log, and the System event log. Access to these event logs is determined by
which account the application is running under.
 
MORE INFORMATION
================
 
The following table shows which accounts are granted access to which logs
and what type of access is granted under Windows NT 3.1:
 
   Log           Account     Access Granted
   -------------------------------------------
   Application   LocalSys    read write clear
                 Admins      read write clear
                 ServerOp    read write clear
                 World       read write
 
   Security      LocalSys    read write clear
                 Admins      read       clear
 
   System        LocalSys    read write clear
                 Admins      read       clear
                 ServerOp    read       clear
                 World       read
   -------------------------------------------
   Table 1 - access granted in Windows NT 3.1
 
The Local System account (LocalSys) is a special account that may be used
by Windows NT services. The Administrator account (Admins) consists of the
administrators for the system. The Server Operator account (ServerOp)
consists of the administrators of the domain server. The World account
includes all users on all systems.
 
Changes made were for Windows NT 3.5:
 
   Log           Account     Access Granted
   -------------------------------------------
   Application   LocalSys    read write clear
                 Admins      read write clear
                 ServerOp    read write clear
                 World       read write
 
   Security      LocalSys    read write clear
                 Admins      read       clear
                 World       read       clear *
 
   System        LocalSys    read write clear
                 Admins      read write clear **
                 ServerOp    read       clear
                 World       read
   -------------------------------------------
   Table 2 - access granted under Windows NT 3.5
 
    * Users that have been granted manage auditing and security log rights
      can read and clear the Security log.
 
   ** Admins can write to the System log.
 
The following table shows which types of access are required for the
corresponding event logging API:
 
   Event Logging API         Access Required
   -------------------------------------------
   OpenEventLog()            read
   OpenBackupEventLog()      read
   RegisterEventSource()     write
   ClearEventLog()           clear
   -------------------------------------------
   Table 3 - access required for event logging APIs
 
As an example, OpenEventLog() requires read access (see Table 2). A member
of the ServerOp account can call OpenEventLog() for the Application event
log and the System event log, because ServerOp has read access for both of
these logs (see Table 1). However, a member of the ServerOp account cannot
call OpenEventLog() for the Security log, because it does not have read
access for this log (see Table 1).
 
Additional reference words: 3.10 3.50
KBCategory: kbprg
KBSubcategory: BseMisc
=============================================================================
Copyright Microsoft Corporation 1995.
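As an added example (not part of the original answer, the question or the Microsoft article, and not Microsoft code), the program below shows the read side of the APIs named above: OpenEventLog(NULL, "Security") followed by a ReadEventLog loop, plus a parser for the EVENTLOGRECORD buffer that ReadEventLog fills. The parser validates every length and offset in the record header before touching the bytes they point to, because a short read buffer, a backup file copied in from elsewhere, or a tampered record can carry a Length, StringOffset or DataOffset that runs past the buffer. The Win32 calls sit under #ifdef _WIN32 (link with advapi32); on any other platform main() runs the same parser over a constructed in-memory buffer. The function names evt_parse, evt_walk and evt_build_sample, the host NTSRV1, the domain NTDOMAIN and the user names are invented for the example; the two constructed audit records use 528 and 529, the NT 4 Security log event IDs for a successful and a failed logon, with made-up insertion strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* EVENTLOGRECORD (winnt.h) header offsets used below: Length@0 RecordNumber@8 EventID@20 EventType@24
 * NumStrings@26 StringOffset@36 UserSidLength@40 UserSidOffset@44 DataLength@48 DataOffset@52. After the 56-byte
 * header come SourceName, ComputerName, SID, Strings, Data, pad and a trailing copy of Length (ANSI layout). */
#define EVT_HDR 56u
#define EVT_AUDIT_SUCCESS 8    /* EVENTLOG_AUDIT_SUCCESS */
#define EVT_AUDIT_FAILURE 16   /* EVENTLOG_AUDIT_FAILURE */
#define ALIGN4(x) (((x) + 3) & ~(size_t)3)
typedef struct {
    uint32_t length, record_number, event_id;
    uint16_t event_type, num_strings;
    const char *source, *computer, *strings;   /* point into the caller's buffer */
} evt_view;
static uint32_t rd32(const uint8_t *p, size_t o) { uint32_t v; memcpy(&v, p + o, 4); return v; }
static uint16_t rd16(const uint8_t *p, size_t o) { uint16_t v; memcpy(&v, p + o, 2); return v; }
static void wr32(uint8_t *p, size_t o, uint32_t v) { memcpy(p + o, &v, 4); }
static void wr16(uint8_t *p, size_t o, uint16_t v) { memcpy(p + o, &v, 2); }
/* Offset just past the NUL of a string that must end inside [off, end); 0 if there is none. */
static size_t bounded_str(const uint8_t *p, size_t off, size_t end) {
    const uint8_t *nul = off < end ? memchr(p + off, 0, end - off) : NULL;
    return nul ? (size_t)(nul - p) + 1 : 0;
}
/* Parse the record at buf; returns its Length, or 0 if it does not fit in avail or is malformed. */
size_t evt_parse(const uint8_t *buf, size_t avail, evt_view *out) {
    if (avail < EVT_HDR + 4) return 0;
    uint32_t len = rd32(buf, 0), nstr = rd16(buf, 26);
    if (len < EVT_HDR + 4 || len > avail || (len & 3) || rd32(buf, len - 4) != len) return 0;
    uint32_t str_off = rd32(buf, 36), sid_len = rd32(buf, 40), sid_off = rd32(buf, 44);
    uint32_t data_len = rd32(buf, 48), data_off = rd32(buf, 52);
    if (str_off > len || sid_off > len || data_off > len || sid_len > len - sid_off || data_len > len - data_off) return 0;
    /* SourceName and ComputerName lie between the header and the SID (or the strings, when there is no SID). */
    size_t name_end = (sid_len && sid_off < str_off) ? sid_off : str_off, src_end = bounded_str(buf, EVT_HDR, name_end);
    size_t cmp_end = src_end ? bounded_str(buf, src_end, name_end) : 0;
    if (!cmp_end) return 0;
    for (size_t s = str_off, i = 0; i < nstr; i++)   /* each insertion string must end before DataOffset */
        if (!(s = bounded_str(buf, s, data_off))) return 0;
    out->length = len; out->record_number = rd32(buf, 8); out->event_id = rd32(buf, 20);
    out->event_type = rd16(buf, 24); out->num_strings = (uint16_t)nstr; out->strings = (const char *)buf + str_off;
    out->source = (const char *)buf + EVT_HDR; out->computer = (const char *)buf + src_end;
    return len;
}
/* Walk one ReadEventLog() buffer, calling cb per record; stops at the first malformed record and returns
 * how many well-formed ones it saw. */
size_t evt_walk(const uint8_t *buf, size_t len, void (*cb)(const evt_view *, void *), void *ctx) {
    size_t n = 0, off = 0, used; evt_view v;
    for (; off < len && (used = evt_parse(buf + off, len - off, &v)) != 0; off += used, n++) if (cb) cb(&v, ctx);
    return n;
}
static void print_record(const evt_view *r, void *ctx) {   /* Event Viewer shows the low 16 bits of EventID */
    (void)ctx; printf("#%u id=%u type=%u %s@%s %s\n", r->record_number, r->event_id & 0xffffu, r->event_type,
                      r->source, r->computer, r->num_strings ? r->strings : "");
}
/* Lay out one ANSI record with no SID and no binary data; returns bytes written, 0 if cap is too small. */
static size_t build_record(uint8_t *d, size_t cap, uint32_t recno, uint32_t id, uint16_t type,
                           const char *src, const char *host, const char **strs, uint16_t n) {
    size_t slen = strlen(src) + 1, hlen = strlen(host) + 1, tot = 0;
    for (uint16_t i = 0; i < n; i++) tot += strlen(strs[i]) + 1;
    size_t str_off = ALIGN4(EVT_HDR + slen + hlen), data_off = str_off + tot, len = ALIGN4(data_off) + 4;
    if (len > cap) return 0;
    memset(d, 0, len);
    wr32(d, 0, len); wr32(d, 4, 0x654c664cu); wr32(d, 8, recno); wr32(d, 12, 867000000u + recno);
    wr32(d, 16, 867000000u + recno); wr32(d, 20, id); wr16(d, 24, type); wr16(d, 26, n);
    wr32(d, 36, str_off); wr32(d, 44, str_off); wr32(d, 52, data_off); wr32(d, len - 4, len);
    memcpy(d + EVT_HDR, src, slen); memcpy(d + EVT_HDR + slen, host, hlen);
    for (size_t i = 0, p = str_off; i < n; p += strlen(strs[i]) + 1, i++) memcpy(d + p, strs[i], strlen(strs[i]) + 1);
    return len;
}
/* Constructed sample, not real log output: NT 4 logon-success (528) and logon-failure (529) audit records,
 * then a record whose trailing Length has been corrupted, as a truncated or tampered buffer would show. */
size_t evt_build_sample(uint8_t *dst, size_t cap) {
    const char *ok[] = { "alice", "NTDOMAIN" }, *bad[] = { "mallory", "NTDOMAIN" };
    size_t a = build_record(dst, cap, 1001, 528, EVT_AUDIT_SUCCESS, "Security", "NTSRV1", ok, 2);
    size_t b = a ? build_record(dst + a, cap - a, 1002, 529, EVT_AUDIT_FAILURE, "Security", "NTSRV1", bad, 2) : 0;
    size_t c = b ? build_record(dst + a + b, cap - a - b, 1003, 528, EVT_AUDIT_SUCCESS, "Security", "NTSRV1", ok, 2) : 0;
    if (!c) return 0;
    wr32(dst + a + b, c - 4, 0xdeadbeefu); return a + b + c;
}
int main(void) {
    static uint8_t buf[65536];
#ifdef _WIN32   /* real read of the local Security log; needs "Manage auditing and security log" (Table 2) */
    DWORD got, need, err;
    HANDLE h = OpenEventLogA(NULL, "Security");   /* ERROR_ACCESS_DENIED without that right */
    if (!h) { fprintf(stderr, "OpenEventLog: error %lu\n", (unsigned long)GetLastError()); return 1; }
    while (ReadEventLogA(h, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof buf, &got, &need))
        evt_walk(buf, got, print_record, NULL);
    err = GetLastError(); CloseEventLog(h);   /* ERROR_HANDLE_EOF is the normal end of the log */
    return err == ERROR_HANDLE_EOF ? 0 : 1;
#else
    size_t n = evt_build_sample(buf, sizeof buf);
    printf("%zu of 3 records well-formed\n", evt_walk(buf, n, print_record, NULL));
    return 0;
#endif
}
```

Run it as a member of Administrators, or as an account granted "Manage auditing and security log" (Table 2 above), otherwise OpenEventLog fails with ERROR_ACCESS_DENIED rather than returning an empty log. The ANSI (A) entry points are used so the record strings are plain char[]; the W entry points return UTF-16 strings and would need a wide-character version of the parser. ReadEventLog hands back as many whole records as fit in the buffer and sets ERROR_INSUFFICIENT_BUFFER (with the needed size in the last parameter) when a single record is larger than the buffer, so a production reader should grow the buffer on that error instead of treating it as the end of the log.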

Author Comment

by: YamSeng
ID: 1779126
I've got the answer....thanks!