RE: Set ACL on Application and Security logs
From: Kern, Tom (tkern_at_CHARMER.COM)
Date: 05/16/05
- Previous message: Z E: "Re: Set ACL on Application and Security logs"
- Maybe in reply to: Z E: "Set ACL on Application and Security logs"
- Next in thread: Z E: "Re: Set ACL on Application and Security logs"
- Reply: Z E: "Re: Set ACL on Application and Security logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 May 2005 11:13:13 -0400 To: "Z E" <z.emailaccount@gmail.com>, <focus-ms@securityfocus.com>
You can do it in win2k its fairly easy with a gpo or manually adding a value to this reg key-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\"name of eventlog" and create a dword value of 1.
There is alos a GPO for this.
For win2k3 look here-
http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
You have to use SDDL, so its a little more of a pita.
Hope this helps
Z E wrote:
> Is there a way to prevent users from accessing the information in the
> system and application logs? similar to the way that the security log
> is restricted?
>
> File system ACLs on the log files do not work. Plus, restricting the
> Event viewer and computer management MMCs through group policy does
> not ensure that users do not use command line tools to access these
> logs.
>
> Thanks for the help.
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Z E: "Re: Set ACL on Application and Security logs"
- Maybe in reply to: Z E: "Set ACL on Application and Security logs"
- Next in thread: Z E: "Re: Set ACL on Application and Security logs"
- Reply: Z E: "Re: Set ACL on Application and Security logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
