RE: Securing Application and System logs on WinNT/2K

From: Martin Brys (MBrys@mvsinc.com)
Date: 02/12/02


From: Martin Brys <MBrys@mvsinc.com>
To: "Free, Bob" <RWF4@pge.com>, focus-ms@securityfocus.com
Date: Tue, 12 Feb 2002 14:12:59 -0500

Yes, we tried securing permissions for
%systemroot%\System32\config\SysEvent.evt files. Unfortunately, you can
still open the log files using the Event Viewer from the remote machine.

Martin

-----Original Message-----
From: Free, Bob [mailto:RWF4@pge.com]
Sent: Tuesday, February 12, 2002 2:01 PM
To: 'Martin Brys'; focus-ms@securityfocus.com
Subject: RE: Securing Application and System logs on WinNT/2K

Just set the NTFS permissions on the files as you require, i.e.
%systemroot%\System32\config\SysEvent.evt etc.

-----Original Message-----
From: Martin Brys [mailto:MBrys@mvsinc.com]
Sent: Tuesday, February 12, 2002 9:18 AM
To: focus-ms@securityfocus.com
Subject: Securing Application and System logs on WinNT/2K
Importance: High

Does anyone know a method to secure Application and System Event Logs to
allow viewing only to Administrators? Restrictive permissions are set by
default for Security Event Log, can we achieve the same or similar behavior
for other logs (hopefully including Directory Services, DNS and File
Replication Service on Domain Controllers)? Any hints would be appreciated.

Martin Brys MCSE


