Re: Remote access to event logs

From: Gerry Hickman (gerry666uk_at_yahoo.co.uk)
Date: 08/16/05

  • Next message: LarMan: "EFS Errors" 
    Date: Tue, 16 Aug 2005 22:39:03 +0100

    Hi Steven,

    OK, it makes sense now. The three servers I work on most of the time are
    not DCs, and I'm pretty sure users can't connect to them at all with
    MMC, but I can see DCs would be a different matter if users are in
    DOMAIN USERS.

    Hmm, that's an interesting one. I'll have to try it in both cases...

    > Yes. Assuming they have smb connectivity and access this computer from the
    > network user right to the server and they are in the users group on that
    > server [which could be via domain users] they could be able to use Computer
    > Management to navigate to the server from their workstation and view the
    > system and application logs. This has been a common complaint as admins
    > found that this was possible. One way to prevent such is to add the users to
    > the guests group on the server and then configure Local Security Policy [or
    > appropriate security policy] to not allow guests to access system and
    > application logs. Try it on your network to see what you can do while logged
    > on as a regular user. --- Steve
    >
    >
    > "Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
    > news:uQJi3SdoFHA.1996@TK2MSFTNGP10.phx.gbl...
    >
    >>Steven L Umbach wrote:
    >>
    >>
    >>>By default users of a server should be able to view the system and
    >>>application log on a server, but not the security log via Computer
    >>>Management - other computer Event Viewer. --- Steve
    >>
    >>When you say "server", I assume you mean their own computer? Do you mean
    >>they can connect to a remote Windows Server computer too?
    >>
    >>--
    >>Gerry Hickman (London UK)
    >
    >
    > 

    -- 
Gerry Hickman (London UK)
  • Next message: LarMan: "EFS Errors"

    Relevant Pages

    • Re: SYSVOL GPOs re:copying
      ... If you create a test user account on each DC, does it successfully replicate to each of the other DCs? ... Stop FRS on each of the new DCs. ... open a command prompt and change directory into the GPMC scripts folder. ... The effort and/or risk in fixing this server seems to exceed the ...
      (microsoft.public.win2000.active_directory)
    • Re: PDC Is not replicating !!
      ... server on the replication DC. ... I have ACE server installed. ... > DCs replicating by disabling replication when USN rollback is ... > If you used imaging to copy your production environment into a lab ...
      (microsoft.public.win2000.active_directory)
    • Re: Windows 2003 R2 Active Directory Performance Question
      ... In a single forest domain, like domain.com, you should make ALL DCs Global catalog server as the IM has nothing to do. ... and 1 is running DHCP) spread across multiple VLANs (multiple NICs ... buildings, some buildings are 1 mile, some are 7 miles away ...
      (microsoft.public.windows.server.active_directory)
    • Re: Sites & Services - DSAccess w/E2K3 SP2
      ... I don't believe the firewalls are the issue as they are set to any-any among ... the all the DCs and exchange server. ... All the DCs replicate information in a mesh ... Immediately after upgrading to Exchange 2003 SP2, ...
      (microsoft.public.exchange.admin)
    • Re: LSASS.exe process near 100% usage
      ... Try pulling the network cable from the back of the server when the spike ... Do the DCs ever reboot on their own? ... The DC that was not gracefully demoted, was it a FSMO Role holder? ... 824196 Description of the License Logging Service in Windows Server ...
      (microsoft.public.win2000.active_directory)