• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 872
  • Last Modified:

Windows Server 2003 Read Only Event Log viewing

I am trying to allow a group of users in a specific OU to be able to have 'Read Only' access to 4 Windows Server 2003 Servers to allow them to diagnose problems. Is this possible without giving them access to the Servers either locally or remotely.
0
amlloyd
Asked:
amlloyd
  • 2
  • 2
1 Solution
 
placebo69aCommented:
Hi there!
Yes, it is possible to give users either local or remote read only access to your server's event log. For remote access the users must have logged in to the server at least once so that their SID is in the server's registry.
The process involves editing a registry value called CustomSD for each of the logs' registry keys  (app, sec, sys etc.) found under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog.
The CustomSD value contains the permissions in SDDL form, each entry looking something like this:
(A;;7;;;S-1-5-21-1605523419-404293322-1556899496-26113)
The first part is whether to allow (A) or deny (D) access, followed by a couple of semi-colons.
The second part is the level of access. Use this table and add up the values to determine access. If you want read only access this value should be 4, full access is the sum of all the values - 7.
  • Read access - 4
  • Write access - 2
  • Clear access - 1
The third and last part (preceded by 3 semi-colons) is the user's SID. Not sure how to determine a user's SID? There are plenty of small applications out there to do it for you. Here's one. It's a vbscript that pulls out the sAMAccountName for every security principle on the machine. That's the SID you want to give the permission to.
Let me know if this helps. :)

0
 
amlloydAuthor Commented:
Will I have to reboot the Server once I have changed the entries in the Registry?
0
 
placebo69aCommented:
Yes, a reboot is required for the changes to take effect.
0
 
amlloydAuthor Commented:
Many thanks for your support in this matter.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now