RE: Securing Application and System logs on WinNT/2K

From: Martin Brys (MBrys@mvsinc.com)
Date: 02/12/02


From: Martin Brys <MBrys@mvsinc.com>
To: "Free, Bob" <RWF4@pge.com>, focus-ms@securityfocus.com
Date: Tue, 12 Feb 2002 14:12:59 -0500

Yes, we tried securing permissions for
%systemroot%\System32\config\SysEvent.evt files. Unfortunately, you can
still open the log files using the Event Viewer from the remote machine.

Martin

-----Original Message-----
From: Free, Bob [mailto:RWF4@pge.com]
Sent: Tuesday, February 12, 2002 2:01 PM
To: 'Martin Brys'; focus-ms@securityfocus.com
Subject: RE: Securing Application and System logs on WinNT/2K

Just set the NTFS permissions on the files as you require, i.e.
%systemroot%\System32\config\SysEvent.evt etc...

-----Original Message-----
From: Martin Brys [mailto:MBrys@mvsinc.com]
Sent: Tuesday, February 12, 2002 9:18 AM
To: focus-ms@securityfocus.com
Subject: Securing Application and System logs on WinNT/2K
Importance: High

Does anyone know a method to secure Application and System Event Logs to
allow viewing only by Administrators? Restrictive permissions are set by
default for the Security Event Log; can we achieve the same or similar behavior
for other logs (hopefully including Directory Services, DNS and File
Replication Service on Domain Controllers)? Any hints would be appreciated.

Martin Brys MCSE


