Re: Remote access to event logs

From: Gerry Hickman (gerry666uk_at_yahoo.co.uk)
Date: 08/16/05

  • Next message: LarMan: "EFS Errors"
    Date: Tue, 16 Aug 2005 22:39:03 +0100
    
    

    Hi Steven,

    OK, it makes sense now. The three servers I work on most of the time are
    not DCs, and I'm pretty sure users can't connect to them at all with
    MMC, but I can see DCs would be a different matter if users are in
    DOMAIN USERS.

    Hmm, that's an interesting one. I'll have to try it in both cases...

    > Yes. Assuming they have smb connectivity and access this computer from the
    > network user right to the server and they are in the users group on that
    > server [which could be via domain users] they could be able to use Computer
    > Management to navigate to the server from their workstation and view the
    > system and application logs. This has been a common complaint as admins
    > found that this was possible. One way to prevent such is to add the users to
    > the guests group on the server and then configure Local Security Policy [or
    > appropriate security policy] to not allow guests to access system and
    > application logs. Try it on your network to see what you can do while logged
    > on as a regular user. --- Steve
    >
    >
    > "Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
    > news:uQJi3SdoFHA.1996@TK2MSFTNGP10.phx.gbl...
    >
    >>Steven L Umbach wrote:
    >>
    >>
    >>>By default users of a server should be able to view the system and
    >>>application log on a server, but not the security log via Computer
    >>>Management - other computer Event Viewer. --- Steve
    >>
    >>When you say "server", I assume you mean their own computer? Do you mean
    >>they can connect to a remote Windows Server computer too?
    >>
    >>--
    >>Gerry Hickman (London UK)
    >
    >
    >

    -- 
    Gerry Hickman (London UK)
    

  • Next message: LarMan: "EFS Errors"