RE: Set ACL on Application and Security logs

From: Kern, Tom (tkern_at_CHARMER.COM)
Date: 05/16/05

  • Next message: Kern, Tom: "RE: Set ACL on Application and Security logs"
    Date: Mon, 16 May 2005 11:13:13 -0400
    To: "Z E" <z.emailaccount@gmail.com>, <focus-ms@securityfocus.com>
    
    

    You can do it in win2k its fairly easy with a gpo or manually adding a value to this reg key-
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\"name of eventlog" and create a dword value of 1.
    There is alos a GPO for this.

    For win2k3 look here-

    http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

    You have to use SDDL, so its a little more of a pita.

    Hope this helps

    Z E wrote:
    > Is there a way to prevent users from accessing the information in the
    > system and application logs? similar to the way that the security log
    > is restricted?
    >
    > File system ACLs on the log files do not work. Plus, restricting the
    > Event viewer and computer management MMCs through group policy does
    > not ensure that users do not use command line tools to access these
    > logs.
    >
    > Thanks for the help.
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Kern, Tom: "RE: Set ACL on Application and Security logs"

    Relevant Pages

    • Set ACL on Application and Security logs
      ... system and application logs? ... similar to the way that the security log ... File system ACLs on the log files do not work. ... Plus, restricting the ...
      (Focus-Microsoft)
    • Re: how can I override a Group policy if admin is logged in?
      ... MCSE, CCEA, Microsoft MVP - Terminal Server ... > to the MMC snap in and click on the properties for the GPO I ... > whenever the admin logs in they will not have the GPO applied? ... >> Vera Noest ...
      (microsoft.public.windows.terminal_services)
    • Re: Computers groups and logon script
      ... Little clarification...I am pretty much trying to map networked printers ... printer when the computer logs itself in and before the user. ... another GPO after every other GPO is executed in the proper order. ... you can do this using a computer startup script in Group Policy. ...
      (microsoft.public.win2000.group_policy)
    • Re: Group Policy SBS 2003
      ... Applying user policy based on where the user logs in is called "loopback ... Loopback processing of Group Policy ... LAN users logon onto the terminals I want to be able to apply a GPO ... but the GPO should only apply if they log onto the terminal server ...
      (microsoft.public.windows.server.sbs)
    • Re: Prevent DC policies from being applied on TS
      ... I have environment where we loopback merge user settings to ... the TS OU linked loopback GPO in place)? ... But as he also logs in to a Termal ... another that allows desktop icons in a TS session. ...
      (microsoft.public.windows.group_policy)