Re: Securing Application and System logs on WinNT/2K

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 02/13/02


From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "Martin Brys" <MBrys@mvsinc.com>, <focus-ms@securityfocus.com>
Date: Tue, 12 Feb 2002 23:33:28 -0500

Try setting permissions on the key so that the computer at which the user is
sitting to remotely access the event logs doesn't have read permission. (You
should really be using groups containing computer accounts for this, but you
get the gist).

Laura
----- Original Message -----
From: "Martin Brys" <MBrys@mvsinc.com>
To: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>;
<focus-ms@securityfocus.com>
Sent: Tuesday, February 12, 2002 2:08 PM
Subject: RE: Securing Application and System logs on WinNT/2K

> Yes, I tried changing the registry permission for
> HKLM\System\CurrentControlSet\Services\Eventlog\ keys and it does not
> work.
> After the modification of each key's permissions, you still can view the log
> from the remote machine when first connected with the Event Viewer
> (interesting fact, subsequent refresh commands will cause events to
> disappear though).
> Any other ideas?
>
> Martin
>
>
> -----Original Message-----
> From: McCammon, Keith [mailto:Keith.McCammon@eadvancemed.com]
> Sent: Tuesday, February 12, 2002 1:37 PM
> To: Martin Brys; focus-ms@securityfocus.com
> Subject: RE: Securing Application and System logs on WinNT/2K
>
>
> Change permissions on HKLM\System\CurrentControlSet\Services\Eventlog\*
> as needed.
>
> -----Original Message-----
> From: Martin Brys [mailto:MBrys@mvsinc.com]
> Sent: Tuesday, February 12, 2002 12:18 PM
> To: focus-ms@securityfocus.com
> Subject: Securing Application and System logs on WinNT/2K
> Importance: High
>
>
> Does anyone know a method to secure Application and System Event Logs to
> allow viewing only to Administrators? Restrictive permissions are set by
> default for Security Event Log, can we achieve the same or similar behavior
> for other logs (hopefully including Directory Services, DNS and File
> Replication Service on Domain Controllers)? Any hints would be
> appreciated.
>
> Martin Brys MCSE


