Jimmy Wang
asked on
how to give read only to event viewer logs on Domain controller to a service account
i would like to give read only on event viewer logs on all domain controller in order to monitor eventID. what is the best way without giving too much permission ?
we are running Windows 2012 R2 domain controller
we are running Windows 2012 R2 domain controller
Robert
Have you tried adding the users to the builtin group "Event log readers"?
ASKER
I wasn't sure this "Event log readers" group include the domain controller access to read event viewer. our procedure can change on the fly with production DCs and I don't have a test environment to test this.. can you confirm this is this does include domain controller not just member servers ?
Yes it should work as long as all your DC's are at least 2008 R2 I believe.
ASKER
ok.. thanks for getting back to me. I will give that a try.
I meant, we can't changes on the fly so I just need to confirm it.. but it does sound like it should..
I meant, we can't changes on the fly so I just need to confirm it.. but it does sound like it should..
i would like to give read only on event viewer logs on all domain controller in order to monitor eventID. what is the best way without giving too much permission ?
Event log forwarding to another host which the service account has access to. Or run an agent like SCOM/Splunk to export or alert on events as they are generated in real time.
ASKER
tried with "Event log readers" group didn't work to access domain controller event viewer.
Learnctx,
we not running SCOM here at our company. we are using WindSolar that is why we need to service account that can have access to event viewer. any other method to give read only on domain controller to read event viewer permission ? any KB ?
Learnctx,
we not running SCOM here at our company. we are using WindSolar that is why we need to service account that can have access to event viewer. any other method to give read only on domain controller to read event viewer permission ? any KB ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Robert,
thanks for the KB.. I assume this would also apply to Windows 2012 R2 domain controller or is there another link for windows 2012 DC's ?
thanks for the KB.. I assume this would also apply to Windows 2012 R2 domain controller or is there another link for windows 2012 DC's ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes the steps for the article provides for 2008 should work for server 2012.
That said the process provided is basically manually assigning permissions that the event log readers group should already provide.
That said the process provided is basically manually assigning permissions that the event log readers group should already provide.
ASKER
thanks Learnctx and Robert.
ASKER
Thank You both.. ! much appreciated
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Robert (https:#a42423617)
-- Learnctx (https:#a42424184)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Robert (https:#a42423617)
-- Learnctx (https:#a42424184)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer