RE: Set ACL on Application and Security logs

From: Kern, Tom (tkern_at_CHARMER.COM)
Date: 05/16/05

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #241"
    Date: Mon, 16 May 2005 16:28:55 -0400
    To: "Z E" <z.emailaccount@gmail.com>
    
    

    The name is misleading but thats what it applies to If you set the "RestrictGuestAccess" to "1", it will only allow members of the local administrators group to read the log you specified in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ <log name>. Where <log name> is application or system.

    Also you can configure it in a GPO in Computer Configuration\Windows Settings\Security Settings\Event Log.

    -----Original Message-----
    From: Z E [mailto:z.emailaccount@gmail.com]
    Sent: Monday, May 16, 2005 12:06 PM
    To: Kern, Tom
    Cc: focus-ms@securityfocus.com
    Subject: Re: Set ACL on Application and Security logs

    My apologies for neglecting to mention that I'm using W2k Pro.

    >You can do it in win2k its fairly easy with a gpo or manually adding
    a value to this reg key-
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\"name of
    eventlog" and create a dword value of 1.

    I found the "RestrictGuestAccess" DWORD value - but that doesn't help
    since I am dealing with authenticated domain users. Is there another
    one?

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #241"