RE: Securing Application and System logs on WinNT/2K
From: Martin Brys (MBrys@mvsinc.com)Date: 02/12/02
- Previous message: Laura A. Robinson: "Re: Where would the changes be saved?"
- Maybe in reply to: Martin Brys: "Securing Application and System logs on WinNT/2K"
- Next in thread: Martin Brys: "RE: Securing Application and System logs on WinNT/2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Martin Brys <MBrys@mvsinc.com> To: "Free, Bob" <RWF4@pge.com>, focus-ms@securityfocus.com Date: Tue, 12 Feb 2002 14:12:59 -0500
Yes, we tried securing permissions for
%systemroot%\System32\config\SysEvent.evt files. Unfortunately, you can
still open the log files using the Event Viewer from the remote machine.
Martin
-----Original Message-----
From: Free, Bob [mailto:RWF4@pge.com]
Sent: Tuesday, February 12, 2002 2:01 PM
To: 'Martin Brys'; focus-ms@securityfocus.com
Subject: RE: Securing Application and System logs on WinNT/2K
Just set the NTFS permissions to the files as you require, IE-
%systemroot%\System32\config\SysEvent.evt etc...
-----Original Message-----
From: Martin Brys [mailto:MBrys@mvsinc.com]
Sent: Tuesday, February 12, 2002 9:18 AM
To: focus-ms@securityfocus.com
Subject: Securing Application and System logs on WinNT/2K
Importance: High
Does anyone know a method to secure Application and System Event Logs to
allow viewing only to Administrators? Restrictive permissions are set by
default for Security Event Log, can we achieve the same or similar behavior
for other logs (hopefully including Directory Services, DNS and File
Replication Service on Domain Controllers)? Any hints would be appreciated.
Martin Brys MCSE
- Previous message: Laura A. Robinson: "Re: Where would the changes be saved?"
- Maybe in reply to: Martin Brys: "Securing Application and System logs on WinNT/2K"
- Next in thread: Martin Brys: "RE: Securing Application and System logs on WinNT/2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
