RE: windows 2000 security logs

From: Birl (sbirl_at_temple.edu)
Date: 09/10/03

  • Next message: Michael Wheeler: "RE: Security for Win XP Home"
    Date: Wed, 10 Sep 2003 16:58:33 -0400 (EDT)
    To: focus-ms@securityfocus.com
    
    

    As it was written on Sep 9, thus dacruz@star-1.com typed:

    Dacruz: From: dacruz@star-1.com
    Dacruz:
    Dacruz: You can just set permissions on the log file located at
    Dacruz: C:\winnt\system32\config\
    Dacruz:
    Dacruz: }-----Original Message-----
    Dacruz: }From: Lubrano di Ciccone, Christophe (DEF) [mailto:diciccone@ppg.com]
    Dacruz: }
    Dacruz: }Not sure.
    Dacruz: }You could create a short batch using dumpel.exe and filter the
    Dacruz: }events. See Q299475 for all the windows 2000 security event
    Dacruz: }description. I recommend to read this interesting document :
    Dacruz: }Account Passwords and Policies (see
    Dacruz: }http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp)
    Dacruz: Christophe
    Dacruz:
    Dacruz: -----Original Message-----
    Dacruz: From: Trey Stevens [mailto:treystevens@comcast.net]
    Dacruz:
    Dacruz:
    Dacruz: Is there a place in group policy in which you can define who can read the
    Dacruz: security logs? In our shop, we have domain controllers at sites in which the
    Dacruz: IT staffs are not domain admins but still need to be able to see the
    Dacruz: security logs to look for account lockouts.
    Dacruz:  
    Dacruz:  
    Dacruz: Thanks in advance,
    Dacruz:  
    Dacruz:  
    Dacruz: T. Stevens

    Christophe,
    Remember that DumpEL is a part of the Resource Kit which is a separate CD.
    I believe that, in the past, one had to buy the ResKit separately.

    Dacruz,
    Assuming that the C:\ drive is not FAT (which I've seen) but NTFS,
    setting the permissions on that directory will not allow a user to
    view the logs via the EventViewer.

    Thanks

     Scott Birl http://concept.temple.edu/sysadmin/
     Senior Systems Administrator Computer Services Temple University
    ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
