Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How Can I Grant a Domain User permission to WRITE to the event logs

Posted on 2007-12-05
5
Medium Priority
?
1,612 Views
Last Modified: 2012-06-27
How do I allow a regular Domain account to write to the event logs on a Windows 2003 server.
We do not have the option to ADD the account to the Local Administrators group.
I understand that there are some registry changes that need to be implemented, but I would appreciate detailed instructions to accomplish this task.

Thanks

JEEGO
0
Comment
Question by:JEEGO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 20416156
Hi,

Read, write access to the event logs can be controlled via the group policies, try this: -

How to set event log security locally or by using Group Policy in Windows Server 2003
http://support.microsoft.com/kb/323076
0
 
LVL 1

Author Comment

by:JEEGO
ID: 20419356
Thanks for the link.  I have perused the content therein, but still have additional question(s)
How do I refer to the domain user account when editing the SDDL string?
0
 
LVL 29

Accepted Solution

by:
mass2612 earned 1500 total points
ID: 20423288
Hi,

You can't really manage to use a domain account specifically as far as I know. You need to refer to the built in SID strings.

Here is a list of the SID strings: -
http://msdn2.microsoft.com/en-us/library/aa379602.aspx

For example to provide read access to the Application log for all Authenticated users you would use the ACE: -
(A;;0x1;;;AU)

When A = Application, 0x1 = Read and AU=Authenticated Users

The blog tries to explain this further and does a pretty good job of it - http://flimflan.com/blog/PermissionsOnTheWindows2003ServerEventLog.aspx
0
 
LVL 1

Author Comment

by:JEEGO
ID: 20542100
For this particular problem, I needed to assign the permissions to a particular user.
The direction provided by mass2612 helped resolve the issue, thus I will assign the points
I found a script on a site that was able to provide me with the SID assoc. with a particular domain user.
0
 
LVL 29

Expert Comment

by:mass2612
ID: 20546081
Thanks for the points can you please drop a link in here to where you found the script?
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question