RE: Accessing eventlogs remotely on W2K3 Server
From: Sergey V. Gordeychik (gordey_at_infosec.ru)
Date: 01/12/04
- Previous message: Simon Taplin: "Active Directory Question"
- Maybe in reply to: Aditya [ Aditya Lalit Deshmukh ]: "RE: Accessing eventlogs remotely on W2K3 Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 Jan 2004 10:14:55 +0300 To: <dwr3ck@hushmail.com>, <focus-ms@securityfocus.com>
You don't need to make users administrators if they just need to view
logs.
They just need the "Access this computer from network" right if "Restrict
guest access to application Log" and "Restrict guest access to system
Log" are not set.
If you restrict guest access, then users need "Manage audit and security
logs" to access log files.
But remember, those users who have "Manage audit and security logs" can
clear the security log.
In W2K3 you can use a more flexible technique to customize permissions on
log files:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
Another solution: save event logs in a database and provide web-based
(for example) access to log files. Or just build a web-based system to
access the event log. Then you can use IIS permissions to allow/disallow
access to different logs.
A good starting point for this solution is Microsoft LogParser 2.0
(http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=8cde4028-e247-45be-bab9-ac851fc166a4),
or scripts from Microsoft Scriptcenter
(http://www.microsoft.com/technet/scriptcenter/logs/default.asp).
-----Original Message-----
From: dwr3ck@hushmail.com [mailto:dwr3ck@hushmail.com]
Sent: Tuesday, December 30, 2003 9:51 PM
To: focus-ms@securityfocus.com
Subject: Accessing eventlogs remotely on W2K3 Server
In shared web environments it is necessary to enable application owners
to view the event logs on the IIS servers hosting their applications
(minus the security log).
This is easy to do in W2K server by having them use the run as command
with the event viewer MMC from their machines with an account that has
user privileges on the server (that DOES NOT have log on locally access
etc).
I have found one reference on the MS web site that indicates that you
must be a local admin on the server to view event logs remotely.
Has anyone else run into this? I need to provide real-time access but
I cannot give the application owners local admin accounts. Also,
enabling guest access to the logs is not an option.
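Added example (not part of either message and not code from the KB article): an offline check of a per-log security descriptor of the kind KB 323076 describes, listing which trustees can clear a log and appending a read-only ACE for one group. It assumes the descriptor is an SDDL string with hex access masks where 0x1 is read, 0x2 is write and 0x4 is clear; the sample descriptor, the SID and all function names are constructed for illustration.

```python
import re

# Event-log access bits used in the per-log ACEs (Microsoft KB 323076).
READ, WRITE, CLEAR = 0x1, 0x2, 0x4

ACE_RE = re.compile(r"\(([^()]*)\)")
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# Constructed sample value, not copied from a real server.
SAMPLE_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
             "(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)")

def parse_aces(sddl):
    """Return (ace_type, rights_mask, trustee) for each allow/deny ACE."""
    aces = []
    for body in ACE_RE.findall(sddl):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type not in ("A", "D"):       # skip audit (SACL) ACEs
            continue
        if not rights.lower().startswith("0x"):
            raise ValueError("expected a hex mask, got %r" % rights)
        aces.append((ace_type, int(rights, 16), trustee))
    return aces

def effective_rights(sddl):
    """Per-trustee mask: allowed bits minus denied bits (no group expansion)."""
    allow, deny = {}, {}
    for ace_type, mask, trustee in parse_aces(sddl):
        target = allow if ace_type == "A" else deny
        target[trustee] = target.get(trustee, 0) | mask
    return {t: allow.get(t, 0) & ~deny.get(t, 0) for t in set(allow) | set(deny)}

def trustees_with(sddl, bit):
    return sorted(t for t, m in effective_rights(sddl).items() if m & bit)

def add_read_only(sddl, sid):
    """Append an allow ACE granting only READ to the given group SID."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID: %r" % sid)
    if sid in effective_rights(sddl):
        raise ValueError("trustee already listed; review before changing")
    ace = "(A;;0x%x;;;%s)" % (READ, sid)
    sacl = sddl.find(")S:")                  # keep the new ACE inside the DACL
    return sddl + ace if sacl < 0 else sddl[:sacl + 1] + ace + sddl[sacl + 1:]

if __name__ == "__main__":
    print("can clear:", trustees_with(SAMPLE_SD, CLEAR))
    print(add_read_only(SAMPLE_SD, "S-1-5-21-1111111111-2222222222-3333333333-1105"))
```

The check is per trustee only: it does not resolve which users belong to each group, so a user's real access is the combination of every ACE that matches their token.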