Solved

Windows Server 2003 Read Only Event Log viewing

Posted on 2008-10-06
4
855 Views
Last Modified: 2013-12-05
I am trying to allow a group of users in a specific OU to be able to have 'Read Only' access to 4 Windows Server 2003 Servers to allow them to diagnose problems. Is this possible without giving them access to the Servers either locally or remotely.
0
Comment
Question by:amlloyd
  • 2
  • 2
4 Comments
 
LVL 4

Accepted Solution

by:
placebo69a earned 500 total points
ID: 22648523
Hi there!
Yes, it is possible to give users either local or remote read only access to your server's event log. For remote access the users must have logged in to the server at least once so that their SID is in the server's registry.
The process involves editing a registry value called CustomSD for each of the logs' registry keys  (app, sec, sys etc.) found under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog.
The CustomSD value contains the permissions in SDDL form, each entry looking something like this:
(A;;7;;;S-1-5-21-1605523419-404293322-1556899496-26113)
The first part is whether to allow (A) or deny (D) access, followed by a couple of semi-colons.
The second part is the level of access. Use this table and add up the values to determine access. If you want read only access this value should be 4, full access is the sum of all the values - 7.
  • Read access - 4
  • Write access - 2
  • Clear access - 1
The third and last part (preceded by 3 semi-colons) is the user's SID. Not sure how to determine a user's SID? There are plenty of small applications out there to do it for you. Here's one. It's a vbscript that pulls out the sAMAccountName for every security principle on the machine. That's the SID you want to give the permission to.
Let me know if this helps. :)

0
 

Author Comment

by:amlloyd
ID: 22650390
Will I have to reboot the Server once I have changed the entries in the Registry?
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22675136
Yes, a reboot is required for the changes to take effect.
0
 

Author Closing Comment

by:amlloyd
ID: 31623590
Many thanks for your support in this matter.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now