Solved

How Can I Grant a Domain User permission to WRITE to the event logs

Posted on 2007-12-05
Last Modified: 2012-06-27
How do I allow a regular Domain account to write to the event logs on a Windows 2003 server?
We do not have the option to ADD the account to the Local Administrators group.
I understand that there are some registry changes that need to be implemented, but I would appreciate detailed instructions to accomplish this task.

Thanks

JEEGO
Question by:JEEGO
5 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 20416156
Hi,

Read and write access to the event logs can be controlled via group policies. Try this:

How to set event log security locally or by using Group Policy in Windows Server 2003
http://support.microsoft.com/kb/323076
0
 
LVL 1

Author Comment

by:JEEGO
ID: 20419356
Thanks for the link. I have perused the content therein, but still have additional question(s).
How do I refer to the domain user account when editing the SDDL string?
0
 
LVL 29

Accepted Solution

by:
mass2612 earned 500 total points
ID: 20423288
Hi,

You can't really manage to use a domain account specifically as far as I know. You need to refer to the built-in SID strings.

Here is a list of the SID strings: -
http://msdn2.microsoft.com/en-us/library/aa379602.aspx

For example to provide read access to the Application log for all Authenticated users you would use the ACE: -
(A;;0x1;;;AU)

When A = Application, 0x1 = Read and AU=Authenticated Users

The blog tries to explain this further and does a pretty good job of it - http://flimflan.com/blog/PermissionsOnTheWindows2003ServerEventLog.aspx
0
 
LVL 1

Author Comment

by:JEEGO
ID: 20542100
For this particular problem, I needed to assign the permissions to a particular user.
The direction provided by mass2612 helped resolve the issue, thus I will assign the points.
I found a script on a site that was able to provide me with the SID assoc. with a particular domain user.
0
 
LVL 29

Expert Comment

by:mass2612
ID: 20546081
Thanks for the points. Can you please drop a link in here to where you found the script?
0
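
The approach the thread ends on (look up the SID of one domain user and grant it write access in the log's SDDL string), as an added example; it is not part of the original thread and is not the script JEEGO refers to. It assumes PowerShell is installed on the server, that the descriptor lives in the `CustomSD` registry value described in KB323076, and uses a hypothetical account name `CONTOSO\svc-applog`.

```powershell
# Added example. $Account is a hypothetical placeholder (assumption).
# Leave $Apply at $false to preview; set it to $true to write the registry.
$Account = 'CONTOSO\svc-applog'
$LogName = 'Application'
$Apply   = $false
$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$LogName"

# Resolve the domain account to its SID string (S-1-5-21-...-RID).
# The trustee field of an SDDL ACE accepts a full SID as well as
# two-letter aliases such as AU.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# ACE fields: (type;flags;rights;object_guid;inherit_object_guid;trustee)
# Type A = access allowed. Event log rights per KB323076:
# 0x1 = read, 0x2 = write, 0x4 = clear. Grant write only (least privilege).
$ace = "(A;;0x2;;;$sid)"

# Read the existing descriptor; stop if it is missing rather than inventing one.
$current = (Get-ItemProperty -Path $KeyPath -Name CustomSD -ErrorAction Stop).CustomSD

if ($current.Contains(";;;$sid)")) {
    # Do not stack a second ACE on top of an existing allow or deny entry.
    Write-Output "An ACE for $sid already exists, nothing changed: $current"
}
else {
    # Appending keeps the allow ACE after any deny ACEs at the front.
    $new = $current + $ace

    # Parse the result and confirm the ACE really landed in the DACL
    # (it would not if the string ended with an S: SACL section).
    $sd  = New-Object System.Security.AccessControl.RawSecurityDescriptor($new)
    $hit = $sd.DiscretionaryAcl | Where-Object {
        $_.AceQualifier -eq 'AccessAllowed' -and
        $_.SecurityIdentifier.Value -eq $sid -and
        ($_.AccessMask -band 0x2)
    }
    if (-not $hit) { throw "Write ACE for $sid is not in the DACL of: $new" }

    # Print both strings so the old value can be restored if needed.
    Write-Output "Old CustomSD: $current"
    Write-Output "New CustomSD: $new"
    if ($Apply) {
        Set-ItemProperty -Path $KeyPath -Name CustomSD -Value $new
    }
}
```

Run it from an elevated prompt on the server; with `$Apply` left at `$false` it only prints the old and new strings for review.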
