Win 2003-Event logs viewer access to other staff

Dear Experts,

I want to give one of our staff access to the event viewer of my Domain Controller. How can I achieve this? Please help.
itubaf Asked:
Ram Balachandran Commented:
0

vinsvin Commented:
Windows Server 2003 permits administrators to customize security access rights to their event logs. These settings can be configured locally or through Group Policy. This article describes how to use both of these methods.

You can grant users one or more of the following access rights to event logs:
Read
Write
Clear
Important You can configure the security log in the same way. However, you can change only Read and Clear access permissions. Write access to the security log is reserved only for the Windows Local Security Authority (LSA).

Configure Event Log Security Locally
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:


The security of each log is configured locally through the values in the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog
For example the Application log Security Descriptor is configured through the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
And the System log Security Descriptor is configured through the following:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System\CustomSD
The Security Descriptor for each log is specified by using Security Descriptor Definition Language (SDDL) syntax. For more information about SDDL syntax, see the Platform SDK, or visit the Microsoft Web site mentioned in the "References" section of this article.

To construct an SDDL string, note that there are three distinct rights that pertain to event logs: Read, Write, and Clear. These rights correspond to the following bits in the access rights field of the ACE string:
1 = Read
2 = Write
4 = Clear
The following is a sample SDDL that shows the default SDDL string for the Application log. The access rights (in hexadecimal) are bold-faced for illustration:
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x5;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x2;;;BA)(A;;0x2;;;LS)(A;;0x2;;;NS)
For example, the first ACE denies Anonymous Users read, write, and clear access to the log. The sixth ACE permits Interactive Users to read and write to the log.

Modify Your Local Policy to Permit Customization of the Security of Your Event Logs
Back up the %WinDir%\Inf\Sceregvl.inf file to a known location.
Open %WinDir%\Inf\Sceregvl.inf in Notepad.
Scroll to the middle of the file, and then put the pointer immediately before [Strings].
Insert the following lines:
MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD,1,%AppLogSD%,2

MACHINE\System\CurrentControlSet\Services\Eventlog\System\CustomSD,1,%SysLogSD%,2
Scroll to the end of the file, and then insert the following lines:
AppLogSD="Event log: Specify the security of the application log in Security Descriptor Definition Language (SDDL) syntax"

SysLogSD="Event log: Specify the security of the System log in Security Descriptor Definition Language (SDDL) syntax"
Save and then close the file.
Click Start, click Run, type regsvr32 scecli.dll in the Open box, and then press ENTER.
In the DllRegisterServer in scecli.dll succeeded dialog box, click OK.

Use the Computer's Local Group Policy to Set Your Application and System Log Security
Click Start, click Run, type gpedit.msc, and then click OK.
In the Group Policy editor, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand Security Options.
Double-click Event log: Application log SDDL, type the SDDL string that you want for the log security, and then click OK.
Double-click Event log: System log SDDL, type the SDDL string that you want for the log security, and then click OK.

Use Group Policy to Set Your Application and System Log Security for a Domain, Site, or Organizational Unit in Active Directory
Important: To view the group policy settings that are described in this article in the Group Policy editor, first complete the following steps, and then continue to the "Use Group Policy to Set Your Application and System Log Security" section:
Use a text editor such as Notepad to open the Sceregvl.inf in the %Windir%\Inf folder.
Add the following lines to the [Register Registry Values] section:
MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD,1,%AppCustomSD%,2
MACHINE\System\CurrentControlSet\Services\Eventlog\Security\CustomSD,1,%SecCustomSD%,2
MACHINE\System\CurrentControlSet\Services\Eventlog\System\CustomSD,1,%SysCustomSD%,2
MACHINE\System\CurrentControlSet\Services\Eventlog\Directory Service\CustomSD,1,%DSCustomSD%,2
MACHINE\System\CurrentControlSet\Services\Eventlog\DNS Server\CustomSD,1,%DNSCustomSD%,2
MACHINE\System\CurrentControlSet\Services\Eventlog\File Replication Service\CustomSD,1,%FRSCustomSD%,2
Add the following lines to the [Strings] section:
AppCustomSD="Eventlog: Security descriptor for Application event log"
SecCustomSD="Eventlog: Security descriptor for Security event log"
SysCustomSD="Eventlog: Security descriptor for System event log"
DSCustomSD="Eventlog: Security descriptor for Directory Service event log"
DNSCustomSD="Eventlog: Security descriptor for DNS Server event log"
FRSCustomSD="Eventlog: Security descriptor for File Replication Service event log"
Save the changes you made to the Sceregvl.inf file, and then run the regsvr32 scecli.dll command.
Start Gpedit.msc, and then double-click the following branches to expand them:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Security Options
View the right panel to find the new "Eventlog" settings.
Use Group Policy to Set Your Application and System Log Security
In the Active Directory Sites and Services snap-in or the Active Directory Users and Computers snap-in, right-click the object for which you want to set the policy, and then click Properties.
Click the Group Policy tab.
If you must create a new policy, click New, and then define the policy's name. Otherwise, go to step 5.
Select the policy that you want, and then click Edit.

The Local Group Policy MMC snap-in appears.
Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
Double-click Event log: Application log SDDL, type the SDDL string that you want for the log security, and then click OK.
Double-click Event log: System log SDDL, type the SDDL string that you want for the log security, and then click OK.

For more information about SDDL syntax and about how to construct an SDDL string, visit the following Microsoft Web site:
Security Descriptor String Format
http://msdn2.microsoft.com/en-us/library/aa379570.aspx
0
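The ACE decoding described in the post above, as an added example that is not part of the original post or of the Microsoft article: it decodes the Read/Write/Clear bits of every ACE in the quoted default Application log SDDL and appends an allow ACE carrying only the Read bit (0x1) for one account. The function names are hypothetical and the SID is a constructed placeholder; rights are assumed to be written in hexadecimal, as they are in the post.

```python
import re

# Event log access bits from the post above: 1 = Read, 2 = Write, 4 = Clear.
RIGHTS = {0x1: "Read", 0x2: "Write", 0x4: "Clear"}

# Default Application log SDDL as quoted in the post.
DEFAULT_APP_SDDL = (
    "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
    "(A;;0x5;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)"
    "(A;;0x2;;;BA)(A;;0x2;;;LS)(A;;0x2;;;NS)"
)

# DACL = "D:", optional flags, then one or more parenthesised ACEs.
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")
SID_RE = re.compile(r"S-1-\d+(-\d+)+")


def parse_dacl(sddl):
    """Return (ace_type, [right names], trustee) for each ACE in the DACL."""
    match = DACL_RE.search(sddl)
    if not match:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        mask = int(fields[2], 16)  # assumes hex rights, as in the post
        names = [name for bit, name in RIGHTS.items() if mask & bit]
        aces.append((fields[0], names, fields[5]))
    return aces


def grant_read_only(sddl, sid):
    """Append an allow ACE with only the Read bit (0x1) for one account SID."""
    if not SID_RE.fullmatch(sid):
        raise ValueError("expected a full SID such as S-1-5-21-...")
    if any(trustee == sid for _, _, trustee in parse_dacl(sddl)):
        raise ValueError("SID already has an ACE; review it instead of adding one")
    end = DACL_RE.search(sddl).end(1)  # end of the DACL's ACE list
    return sddl[:end] + "(A;;0x1;;;%s)" % sid + sddl[end:]


if __name__ == "__main__":
    STAFF_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed placeholder
    for ace in parse_dacl(grant_read_only(DEFAULT_APP_SDDL, STAFF_SID)):
        print(ace)
```

Decoding the existing string before writing a new CustomSD value shows exactly which trustees already hold Write or Clear, so the staff account ends up with Read and nothing more.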
Neil Russell, Technical Development Lead, Commented:

@vinsvin

EE Rules forbid the copy/paste from other websites without quoting the exact source; this is considered plagiarism and copyright theft. In your case from

http://support.microsoft.com/kb/323076

Make sure you quote ALL copied text and not leave it to look like your own.
0