I have a Windows 2003 SP2 server. An application on there writes daily logs to D:\App1\logs.
I would like to lock down the folder so that only one AD group - say Domain\Server1Admins can read the log files. But - at the same time - I don't want to interfere with the application's ability to write these log files.
Does anyone know how I can do this ? Are there any specfic system accounts I need to grant permission to - and what permissions do I need to allow?