RE: Set ACL on Application and Security logs

From: Kern, Tom (tkern_at_CHARMER.COM)
Date: 05/16/05

    Date: Mon, 16 May 2005 11:13:13 -0400
    To: "Z E" <z.emailaccount@gmail.com>, <focus-ms@securityfocus.com>
    
    

    You can do it in Win2k; it's fairly easy with a GPO or manually adding a value to this reg key-
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\"name of eventlog" and create a DWORD value of 1.
    There is also a GPO for this.

    For win2k3 look here-

    http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

    You have to use SDDL, so it's a little more of a PITA.

    Hope this helps

    Z E wrote:
    > Is there a way to prevent users from accessing the information in the
    > system and application logs? similar to the way that the security log
    > is restricted?
    >
    > File system ACLs on the log files do not work. Plus, restricting the
    > Event viewer and computer management MMCs through group policy does
    > not ensure that users do not use command line tools to access these
    > logs.
    >
    > Thanks for the help.

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
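
As an illustration of the SDDL form the reply above refers to, the following added example (not part of the original message or the linked KB article) decodes an event-log security descriptor and lists which trustees its DACL lets read, write or clear the log. The two descriptor strings are constructed samples, the 0x1/0x2/0x4 bits are the event-log read/write/clear rights, and trustees are matched by name only, without resolving group membership.

```python
import re

# Event-log access bits carried in each ACE's rights field.
RIGHTS = {"read": 0x1, "write": 0x2, "clear": 0x4}

# SDDL SID aliases commonly seen in event-log descriptors.
ALIASES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "SO": "Server Operators", "IU": "Interactive users",
    "SU": "Service logon users", "AN": "Anonymous logon",
    "BG": "Builtin Guests", "AU": "Authenticated Users",
    "WD": "Everyone", "BU": "Builtin Users",
}

def parse_dacl(sddl):
    """Return (ace_type, mask, trustee) for every ACE in the D: section."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        raise ValueError("no DACL with ACEs found")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, _flags, rights, _obj, _inherit, sid = fields
        # Rights are expected in hex here; symbolic rights raise ValueError.
        aces.append((ace_type, int(rights, 16), sid))
    return aces

def trustees_with(sddl, right):
    """Trustees granted `right` by an allow ACE and not denied it by name."""
    bit = RIGHTS[right]
    aces = parse_dacl(sddl)
    denied = {sid for kind, mask, sid in aces if kind == "D" and mask & bit}
    return [ALIASES.get(sid, sid) for kind, mask, sid in aces
            if kind == "A" and mask & bit and sid not in denied]

# Constructed samples: one lets interactive users read and write the log,
# the other limits access to Local System and Administrators.
PERMISSIVE = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
              "(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;IU)")
RESTRICTED = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
              "(A;;0xf0007;;;SY)(A;;0x5;;;BA)")

if __name__ == "__main__":
    for label, sd in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        for right in RIGHTS:
            print(f"{label:10} {right:5} -> {trustees_with(sd, right)}")
```
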

