Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Windows Server 2003 Read Only Event Log viewing

Posted on 2008-10-06
Medium Priority
Last Modified: 2013-12-05
I am trying to allow a group of users in a specific OU to be able to have 'Read Only' access to 4 Windows Server 2003 Servers to allow them to diagnose problems. Is this possible without giving them access to the Servers either locally or remotely.
Question by:amlloyd
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Accepted Solution

placebo69a earned 2000 total points
ID: 22648523
Hi there!
Yes, it is possible to give users either local or remote read only access to your server's event log. For remote access the users must have logged in to the server at least once so that their SID is in the server's registry.
The process involves editing a registry value called CustomSD for each of the logs' registry keys  (app, sec, sys etc.) found under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog.
The CustomSD value contains the permissions in SDDL form, each entry looking something like this:
The first part is whether to allow (A) or deny (D) access, followed by a couple of semi-colons.
The second part is the level of access. Use this table and add up the values to determine access. If you want read only access this value should be 4, full access is the sum of all the values - 7.
  • Read access - 4
  • Write access - 2
  • Clear access - 1
The third and last part (preceded by 3 semi-colons) is the user's SID. Not sure how to determine a user's SID? There are plenty of small applications out there to do it for you. Here's one. It's a vbscript that pulls out the sAMAccountName for every security principle on the machine. That's the SID you want to give the permission to.
Let me know if this helps. :)


Author Comment

ID: 22650390
Will I have to reboot the Server once I have changed the entries in the Registry?

Expert Comment

ID: 22675136
Yes, a reboot is required for the changes to take effect.

Author Closing Comment

ID: 31623590
Many thanks for your support in this matter.

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Learn about cloud computing and its benefits for small business owners.
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question