how to add network service to local event log readers group via GPO

gmckfn
gmckfn used Ask the Experts™
on
I need to add Network Service account to the local event log readers group of a server via Domain GPO.  Windows 2008 R2 servers.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solutions Only
OWNER
Commented:
try this.

> Group = BUILTIN\Event Log Readers
> Members = NT Authority\NETWORK SERVICE
 
Either use MemberOf instead of Members (which would require a
"intermediate" group and will not work for the network service, because
Network service is a local account and can only be member of local
groups, and you cannot nest local groups), or switch from RG to GPP LUG
(Group Policy Preferences "Local Users and Groups").
 
Jian An LimSolutions Architect
Top Expert 2016

Commented:
i will use group policy preference to add them into Event log readers


http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/  <-- change the "local administrator" to "even log readers"
gmckfn

Author

Commented:
That helped me with adding network service to my event log readers group but how do I get a computer account to be added to the local group?   I tried %DomainName%\Taco but its not populating into the event logs readers group.  Any ideas.  Thanks for the first part guys!!
Jian An LimSolutions Architect
Top Expert 2016
Commented:
computer account need to have $ at the back of the machinename

so %domainname%\machinename$.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial