Re: event viewer

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 08/14/02 

From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Tue, 13 Aug 2002 17:04:18 -0700

Svyatoslav is correct, you cannot prevent administrators from doing
anything, only make it more difficult. If a user account has the right to
replace OS components or to alter memory (via debugging) while the OS is
running, that user can do *ANYTHING*. 

--
Eric Fitzgerald
Program Manager, Windows Auditing and Intrusion Detection
Microsoft Corporation
"S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
news:O2lbNlSPCHA.2688@tkmsftngp11...
> Can't admins reverse the setting?
>
> I would suggest adding rights to mere users rather than trying to limit
> access to admins..
>
> --
> Svyatoslav Pidgorny, MS MVP, MCSE
> -= F1 is the key =-
>
> "B. Goodman" <no@spam.org> wrote in message
> news:MPG.17b8574c73b4b27f989684@msnews.microsoft.com...
> > In article <0ca301c23c50$9b22e200$a5e62ecf@tkmsftngxa07>,
> > ithssszu@bh.com.pl says...
> > > hi,
> > > i have a question : is there any possibility to restrict
> > > administrator group in nt server to view security events ?
> > > i must install security log manager agent and i have deny
> > > all users (admin also) to view this.
> > > i saw that situation on some servers and i want to do this
> > > the same.
> > >
> > > thanks for any help.
> > > regards
> > >
> > > szymon szumicki
> > > bank handlowy w warszawie a member of citigroup
> > > warsaw
> > > poland
> > >
> > If the server is a domain controller, just go into User Manager for
> > Domains (usrmgr.exe) under the Policies menu and select "User
> > Rights...".  From there, use the drop-down box to select "Manage
> > auditing and security log".  Go under "Grant To:", remove
> > "Administrators" and add only the account(s) or group(s) you want to
> > have this permission.
> >
> > If the server is a member server, you need to go into User Manager for
> > that server.  Probably easiest is with Start / Run and type "usrmgr \\%
> > computername%" (don't actually enter the quotation marks).  At the top
> > of the user manager window, you should see something like "User Manager
> > - \\YourComputername".  Then, do the same thing under Policies.
> >
> > Remember that there is no warranty, expressed or implied, in my advice.
> > Always be sure you have good backups of important files before making
> > configuration changes.
> >
> > Good luck!
> >
> >
> >
> > B. Goodman
>
>

Relevant Pages

  • Re: event viewer
    ... Can't admins reverse the setting? ... >> administrator group in nt server to view security events? ... >> i must install security log manager agent and i have deny ... > If the server is a member server, you need to go into User Manager for ...
    (microsoft.public.security)
  • Re: Windows XP SP2 unable to access NT 4 User Manger
    ... It was a network shortcut from ... >> I have recently installed Windows XP SP2 on my machine ... >> User Manager and Server Manager for our Windows NT 4 ... >> Server Manager, but I am able to open the User Manager, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: XPProSp2 - NT4 User Manager problem
    ... I guess I tend to think that a new lockdown setting, rather than a bug, per ... You might post in one of the Windows Server groups where other server admins ... >>I use a Windows XP machine to run User Manager for Domains on a Windows ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: XPSP2 - NT4 User Manager for Domains
    ... it's a tad misleading since the package is called Server 2003 ... Resource Kit... ... > "Jeff Rebeiro" ... >> I have SP2 installed and User Manager for Domains works for me. ...
    (microsoft.public.windowsxp.help_and_support)