Solved

Problem opening Security Event viewer without Domain Admin account

Posted on 2007-12-07
4
704 Views
Last Modified: 2012-06-21
Hi

I am trying to create a group that are able to access the security event viewer on a 2003 DC without granting full domain admin access. I have tried permissioning the area where the files are located (system32\config). I have also made sure the group is not a member of the guest accounts as microsoft suggest. Would prefer it if I dont have to mess around with the regitry or doing anything too drastic but running out of options a bit.

Any help greatly appreicated

Cheers

Jamie
0
Comment
Question by:itlplc
  • 3
4 Comments
 
LVL 4

Expert Comment

by:tomo999
ID: 20426746
You can allow access to this by updating the SDDL string in the following key;
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security\CustomSD

The default string should be something like;
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)

You can add additional access by extending the string to include;
(A;;0x1;;;SID OF GROUP)

So the new string would be;
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;[SID OF GROUP])

You can learn more about SDDL here;
http://msdn2.microsoft.com/en-us/library/aa379567.aspx

Hope that helps.
0
 

Author Comment

by:itlplc
ID: 20426765
Thanks for the speedy response tomo999, I dont suppose you have any less risky ideas. I understand if this is the only way but am loathed to edit the regitry unless theres no other choice :-)

Cheers

Jamie
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20426800
Unfortunately I couldn't find any other way to do it.

I would just make sure you test it on a non-production system first and then make sure you have sufficient backups of your DCs when you go live.

It took me a while to get the SDDL syntax correct but now I have, I haven't had any problems with it since.
0
 
LVL 4

Accepted Solution

by:
tomo999 earned 500 total points
ID: 20426807
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now