Adding rights to a computer account

Posted on 2004-11-03
Medium Priority
Last Modified: 2012-05-05
I'm troubleshooting a problem with a Windows 2000 server. To resolve the problem, Microsoft suggests that I:

"Manually grant the Manage Auditing and Security Log right (SeSecurityPrivilege) to the Exchange 2000 Enterprise Server computers."

I cannot figure out how to do this and I'm pretty good at figuring out things like this. Thanks for any help!
Question by:WineGeek
LVL 20

Assisted Solution

Debsyl99 earned 225 total points
ID: 12486873
Hopefully relevant article on how to grant the right to a security group -
Access Denied: Letting Users View Security Logs
Deb :))

Accepted Solution

TMWSIY earned 525 total points
ID: 12486926
from: http://support.microsoft.com/default.aspx?scid=kb;en-us;q314294

To resolve this issue, use the Policytest.exe utility to check the status of the SeSecurityPrivilege right on all of the domain controllers in a single domain. The Policytest.exe utility is included on the Exchange 2000 installation CD-ROM.

To determine whether or not Exchange 2000 Enterprise server has the SeSecurityPrivilege right on a domain controller: 1. Log on to the domain controller as a domain administrator, and then start the Domain Controller Security Policy console. (By default, the Domain Controller Security Policy console is located on the Start menu in the Administrative Tools group.)
2. Expand Security Settings, and then expand Local Policies. Expand User Rights Assignment, and then open the properties of Manage Auditing and Security Log.
You can grant the SeSecurityPrivilege right directly to Exchange 2000 Enterprise servers, or you can run Exchange 2000 Setup again with the /domainprep switch to grant the SeSecurityPrivilege right automatically.

If you run Setup.exe with the /domainprep switch, you do not interrupt service on existing Exchange computers. Another advantage of this method is that it checks and resets other default rights and group memberships that may also have been changed.

If the Exchange Enterprise Servers group was recently granted the SeSecurityPrivilege right, that change does not take effect until the security policy is refreshed on the domain controller. The time that it takes to refresh the security policy depends on domain topology and configuration. By default, policy replication to other domain controllers occurs within five minutes, and application of the policy change within another five minutes.

Even if a particular domain does not contain any Exchange computers, Exchange computers in other domains may use that domain’s domain controllers. If you want Exchange 2000 to be able to perform global catalog lookups and make Configuration container changes when Exchange uses these domain controllers, the follow these steps for the domain: 1. From the Exchange 2000 installation CD-ROM, run the Setup program with the /domainprep switch (Setup.exe /domainprep). This configures the appropriate groups and rights for cross-domain Exchange communication.
2. In Exchange System Administrator, create a Recipient Update Service for the domain. The Recipient Update Service for each domain is responsible for populating the Exchange Enterprise Servers domain local group with Exchange Domain Servers global groups from other domains. The Recipient Update Service is also responsible for other tasks.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Currently, there is an issue with being able to copy values from an external application to a dropdown list in Project Web Access (PWA).  The standard copy and paste methods don't seem to work properly. Here is a way to accomplish this task to s…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question