Computer Management Window permissions

Posted on 2012-09-19
Last Modified: 2012-09-27
Hello Experts,

I am a system administrator for a network and would like to grant a non-system administrator account limited administrator permissions on the network to be able to view/pull Event Viewer logs from multiple machines using the computer management window. I prefer not to add this user into the domain admins group if possible. Is there a way to grant limited administrator permissions without giving full administrator privileges? My internet research has not led me to the right answer as of yet.

thanks in advance!
Question by:jslaught

    Expert Comment


    Author Comment

    Thanks for the link above. Followed the link and tried what it recommended. The non-administrator account can now connect to other computers through the computer management window (which is what we wanted) but is not able to view or clear any of the event logs. It gives an access denied message. I am trying to continue looking through the other group policy settings to see where I can grant the non-administrator account access in viewing and clearing event viewer logs. Any suggestions?

    Author Comment

    It seems like there is no non-administrative permission to allow a non-admin account to view, save and clear event logs. I've tried different permissions on a test account on my network and once I added the administrator permission to the test account, then it allowed the account to view, save and clear event logs. Maybe that's the answer ... just giving the test account administrator permissions and not domain admin permissions

    Expert Comment

    by:Dale Harris
    I think your way would work just fine, giving them local admin over that box, but would you be against automating things with PowerShell?  I know I reach for PowerShell as a solution to everything, but you can do a lot with what you're talking about.  

    My preferred option would be to use a script to view any event logs, clear them out, save/export them.  And you could automate the rollup and have it send an email with HTML formatting.  It might look like this:

    Type and Description            Event ID    Occurrences    Server Name
    "Warning: Here's a message"     1111        15             Test1
    "Error: Here's a diff one"      2222        1              Test2

    I hated going through event logs individually, but you really only care about a few core server logs, right?  You're either looking for MANY errors that you weren't expecting, or you look for lockouts, failed logins, etc.  I'm sure there's an exhaustive list you could find that you're looking for, but you could really save time by not having someone manually go through them.  The good thing is, once you make your exhaustive list of what you're looking for, and all the rest becomes "white noise", you can rest easy knowing that you're going to be able to get an instant look at your server health each morning with that email.  You don't even have to make a list of the errors you're especially worried about.  You can just create one that polls all the servers in a list, grabs all the event logs, and grabs just the security failures, application criticals, system criticals, and then gives you a list of each ID and how many times they showed up.  Then, looking at those errors the first time is necessary.   You make notes: "I don't care about eventID 64 because it's something I can't fix because we can't update our whatever", so now 64 is a common occurrence and you're trained to keep looking for stuff that would actually be a problem.  You keep going down this road and make your "acceptable errors" list and get a rollup each day that you can compare to the previous day.  If you see a spike or an unknown ID, you know you'll have to investigate.  There's SOOOO much you could shorten out of your day.  We went out one time and had to keep servers up for about a year.  In that time, we made our daily server checks all automated and pretty much saved 4 hours a day that way.  It's worth the investment.

    Here's a quick command to get all the Critical Errors in the last 24 hours in like 2 seconds then sort by ID and do a count:

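    # Application log, Level 2 (Error), last 24 hours; the hashtable filter is applied in the query itself
    $Logs = Get-WinEvent -FilterHashtable @{LogName='Application'; Level=2; StartTime=((Get-Date).AddDays(-1))} -EA SilentlyContinue
    # Count occurrences per event ID
    $Logs | Group-Object Id | Select-Object Name,Count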

    Normally, not using a FilterHashTable, you would be looking at a large amount of seconds if you had to wait for it to go through each log entry.

    But if you wanted to do all this, I would recommend breaking down what you need further and putting the question under Powershell.
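
The daily rollup described in the post above, as an added example that is not part of the original post: it counts events per server and ID, marks IDs on an "acceptable errors" list, and flags new IDs and spikes against the previous day's counts. The function name `Get-EventRollup`, its parameters, the spike factor and the sample events are assumptions constructed for illustration.

```powershell
# Added example, not code from the thread. Names, IDs and thresholds are constructed.
function Get-EventRollup {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # objects with MachineName, Id, LevelDisplayName
        [int[]] $AcceptableIds = @(),               # the "acceptable errors" list
        [hashtable] $Previous = @{},                # yesterday's counts keyed "Server|Id"
        [int] $SpikeFactor = 3                      # count >= factor * yesterday means spike
    )
    $Events | Group-Object MachineName, Id | ForEach-Object {
        $first = $_.Group[0]
        $key   = '{0}|{1}' -f $first.MachineName, $first.Id
        $prev  = if ($Previous.ContainsKey($key)) { $Previous[$key] } else { 0 }

        $status = 'Seen'
        if ($prev -eq 0) { $status = 'New' }
        elseif ($_.Count -ge $prev * $SpikeFactor) { $status = 'Spike' }
        if ($AcceptableIds -contains $first.Id) { $status = 'Known' }

        [pscustomobject]@{
            Server    = $first.MachineName
            EventId   = $first.Id
            Level     = $first.LevelDisplayName
            Count     = $_.Count
            Yesterday = $prev
            Status    = $status
        }
    } | Sort-Object @{ Expression = { $_.Status -eq 'Known' } },
                    @{ Expression = 'Count'; Descending = $true }   # known noise last
}

# Constructed sample standing in for Get-WinEvent output. Against live servers, collect with:
#   $events = foreach ($s in $servers) {
#       Get-WinEvent -ComputerName $s -EA SilentlyContinue -FilterHashtable `
#           @{LogName='Application'; Level=2; StartTime=(Get-Date).AddDays(-1)} }
$sample = @(
    1..15 | ForEach-Object { [pscustomobject]@{ MachineName='Test1'; Id=1111; LevelDisplayName='Warning' } }
    [pscustomobject]@{ MachineName='Test2'; Id=2222; LevelDisplayName='Error' }
    1..4  | ForEach-Object { [pscustomobject]@{ MachineName='Test1'; Id=64;   LevelDisplayName='Error' } }
)
$yesterday = @{ 'Test1|1111' = 4; 'Test1|64' = 5 }   # constructed previous-day counts

$report = Get-EventRollup -Events $sample -AcceptableIds 64 -Previous $yesterday
$report | Format-Table -AutoSize
$report | ConvertTo-Html -Title 'Daily event rollup' | Set-Content rollup.html   # body for the HTML email
```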


    Accepted Solution

    Is it necessary to view them in the event viewer, or would another format work as well? What is being looked for? WMI can be used to read the event logs, as long as you apply permissions to the proper namespace. There are 3rd party tools to FWD logs to a central place. In XP you can't copy event logs (files) and have the event viewer read them (they are marked "dirty"). You can do a save-as/export and read them. This is not true in Vista and 7, you can copy them and read them on another computer (just copy them over). You do need permission to get to those directories which non-admins do not have.

    Author Comment

    Thanks to everyone for the detailed comments above. I guess the answer to my question is No.... there aren't any active directory non-admin permissions to allow viewing, saving and then clearing of event viewer logs for multiple computers on a network via the computer management window. During my testing it seems like an account must be a part of the domain admin group to have the full permissions to view, save and clear event viewer logs.

    We have a dedicated person that does our network logs for our workstations and servers and the person currently has a full admin account on our network. If possible it was preferred to provide the person with limited admin privileges in order to do the logs instead of a full admin account.

    I'm not familiar with PowerShell but have heard of it and seen it. I do have an automated .vbs script that pulls logs as well if it's decided to go back to that route. Pulling the logs manually for this particular person allowed the person to consume time in reviewing logs and saving them to the network at its own pace.

    Expert Comment

    by:Rich Rumble
    You don't need domain admin unless it's a domain controller, otherwise local admin works well. If you have 2003 you can FWD the logs. (Applies To: Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows Vista)

    Author Closing Comment

    Just as I thought.... non-admin accounts cannot access event logs within event viewer on a network domain.
