Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Server 2008, creating a GPO to force ACL permissions to event logs

Status
Not open for further replies.

Sniffer2112

IS-IT--Management
Mar 10, 2009
67
US
Managed GPO server is 2008
Servers to be affected by GPO are 2008 and 2003

Task: I'm trying to create a way to have the permissions for certain event files be the same.
local\administrator read/write
Domain\<groupname> All
local\SYSTEM All

The parent folder has the SYSTEM and local administrator as All. The domain\<groupname> is not present. Normally the event files inherant the parent folder's permissions which I do not want to do. I can manually change the event file's permissions but when they get backed up and Windows creates a new one, the go back to the parent folder's permissions. So I always have to add the domain\<groupname> account and change the local\administrator permissions.

I have tried to create a new GPO under:
Computer Configuration > Policies > Windows Settings > Security Settings > File System

I would right click on File System and select Add File. Then under the Folder box I would type in the complete path/file. Example for 2003: C:\Windows\System32\config\AppEvent.Evt
Example for 2008: C:\Windows\System32\WinEvt\Logs\Application.Evtx

Then I would make my permission to what I want them to under the Database Security for... dialog box. Adding the domain\<groupname> account.

I would do this for all the event files that I wanted to change.
I do assign the GPO to the correct "OU" in the GPO management.

Here is the link I was using to do my task:
But when I do a gpupdate /force to push the new settings, they do not take.


Any ideas on why? Or is there another way to do this without changing the parent folder's permissions?

-Todd-
CCNA
MCTS: Sever 2008 AD Configuration
CompTIA: A+, Security+

**Mathmatics affect 7 out 5 people each day**
 
Update...

Turns out there was another GPO that was setting the permissions on the root folder. Once that was removed, the GPO that I created took effect.

-Todd-
CCNA
MCTS: Sever 2008 AD Configuration
CompTIA: A+, Security+

**Mathmatics affect 7 out 5 people each day**
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top