Server 2008, creating a GPO to force ACL permissions to event logs

Sniffer2112

IS-IT--Management
Mar 10, 2009
Managed GPO server is 2008
Servers to be affected by GPO are 2008 and 2003

Task: I'm trying to create a way to have the permissions for certain event files be the same.
local\administrator read/write
Domain\<groupname> All
local\SYSTEM All

The parent folder has the SYSTEM and local administrator as All. The domain\<groupname> is not present. Normally the event files inherit the parent folder's permissions, which I do not want them to do. I can manually change the event file's permissions, but when they get backed up and Windows creates a new one, they go back to the parent folder's permissions. So I always have to add the domain\<groupname> account and change the local\administrator permissions.

I have tried to create a new GPO under:
Computer Configuration > Policies > Windows Settings > Security Settings > File System

I would right click on File System and select Add File. Then under the Folder box I would type in the complete path/file.
Example for 2003: C:\Windows\System32\config\AppEvent.Evt
Example for 2008: C:\Windows\System32\WinEvt\Logs\Application.Evtx

Then I would set my permissions to what I want them to be under the "Database Security for..." dialog box, adding the domain\<groupname> account.

I would do this for all the event files that I wanted to change.
I do assign the GPO to the correct "OU" in the GPO management.

Here is the link I was using to do my task:
But when I do a gpupdate /force to push the new settings, they do not take.


Any ideas on why? Or is there another way to do this without changing the parent folder's permissions?

-Todd-
CCNA
MCTS: Server 2008 AD Configuration
CompTIA: A+, Security+

**Mathematics affect 7 out of 5 people each day**
 
Update...

Turns out there was another GPO that was setting the permissions on the root folder. Once that was removed, the GPO that I created took effect.

-Todd-
CCNA
MCTS: Server 2008 AD Configuration
CompTIA: A+, Security+

**Mathematics affect 7 out of 5 people each day**
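
The conflict described in the update (one GPO setting permissions on the parent folder, another on the event log file) can be spotted by reading the `[File Security]` section of each GPO's security template. The script below is an added example, not code from the thread: the two template fragments, their SDDL strings, the `{GPO-A}`/`{GPO-B}` labels and `<group-SID>` are constructed placeholders, and the function names are hypothetical.

```powershell
# Constructed samples of two GPO security templates (GptTmpl.inf); not real policy data.
$gpoA = @'
[File Security]
"C:\Windows\System32\WinEvt\Logs",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
[Version]
Revision=1
'@ -split '\r?\n'
$gpoB = @'
[File Security]
"C:\Windows\System32\WinEvt\Logs\Application.Evtx",0,"D:PAR(A;;FRFW;;;BA)(A;;FA;;;SY)(A;;FA;;;<group-SID>)"
"C:\Data",2,"D:PAR(A;OICI;FA;;;BA)"
'@ -split '\r?\n'

# Return one object per "path",mode,"SDDL" line found in the [File Security] section.
function Get-FileSecurityEntry {
    param([string[]]$InfLines, [string]$Source)
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'File Security'); continue }
        if (-not $inSection) { continue }
        if ($t -match '^"([^"]+)"\s*,\s*(\d+)\s*,\s*"([^"]*)"$') {
            New-Object PSObject -Property @{
                Source = $Source; Path = $Matches[1]; Mode = $Matches[2]; Sddl = $Matches[3] }
        }
    }
}

# Keep only entries that configure the target file itself or one of its parent folders.
function Find-OverlappingEntry {
    param([string]$Target, [object[]]$Entries)
    $t = [Environment]::ExpandEnvironmentVariables($Target).TrimEnd('\')
    foreach ($e in $Entries) {
        $p = [Environment]::ExpandEnvironmentVariables($e.Path).TrimEnd('\')
        $scope = $null
        if ($t -eq $p) { $scope = 'file itself' }
        elseif ($t.StartsWith(($p + '\'), [StringComparison]::OrdinalIgnoreCase)) { $scope = 'parent folder' }
        if ($scope) { $e | Add-Member -MemberType NoteProperty -Name AppliesTo -Value $scope -Force -PassThru }
    }
}

$entries = @(Get-FileSecurityEntry $gpoA '{GPO-A}') + @(Get-FileSecurityEntry $gpoB '{GPO-B}')
Find-OverlappingEntry 'C:\Windows\System32\WinEvt\Logs\Application.Evtx' $entries |
    Format-Table Source, AppliesTo, Mode, Path -AutoSize

# Against a real domain, feed each template instead (domain name is a placeholder):
# Get-ChildItem '\\<domain>\SYSVOL\<domain>\Policies' -Recurse -Filter GptTmpl.inf |
#   ForEach-Object { Get-FileSecurityEntry (Get-Content $_.FullName) $_.FullName }
```

Two rows in the output for the same target, one marked `parent folder` and one marked `file itself`, point at the pair of GPOs to review.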
 