User Access to DC Security Log

[gmail2]

One of our IT managers (who just has a restricted account with no admin privileges at all) wants to be able to view the security logs on our Domain Controllers. Is there any way that I can do this through policy? Or do I just have to give the user permissions to the individual .evt files? I presume if I were to just give them read permissions, they would only be able to view the log but could not clear it? I know I can add them to the "Server Operators" group, but this seem to give them a bit too much privileges than they need.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[IllogicallyLogical]

You could add them to the "Manage auditing and security log" user rights assignment on the DC.

Joey
A+, Network +, MCP

 

[gmail2]

I think that would give them more access than I would like. I've decided to give the user permissions to the specific *.evt files that they require. However, I've run into more problems. When the user tries to access another PC on event viewer, it will use the C$ share to do this. Because this is an admin share, only admins will have rights to it - which defeats the purpose or what I'm trying to do !! So even if I gave the user "Manage auditing and security log" rights, they woudln't be able to connect would they?

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau