deligate ability to view security logs on domain controller

From: FrankR (frankr@thetechzone.net)
Date: 12/01/02 

From: "FrankR" <frankr@thetechzone.net>
Date: Sat, 30 Nov 2002 19:32:50 -0800

Anyone ever tried to deligate the ability to view the
security logs on Windows 2000 domain controllers?

The need is to allow selected non-domain admins the
ability to view the security logs on the domain
controllers.

These associates can view the application and event logs,
but not security.

Any assistance is appreciated.

Thanks

Frank

Relevant Pages

  • Re: deligate ability to view security logs on domain controller
    ... > Anyone ever tried to deligate the ability to view the ... > security logs on Windows 2000 domain controllers? ...
    (microsoft.public.win2000.security)
  • Re: Administrators Group in Local Users and Groups
    ... The fact that they can logon to domain controllers means they very likely have the ability to easily escalate their privileges to administrator, domain administrator, and probably enterprise admin and do everything you listed and more. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Automatically user lockout - big problem
    ... Check the security logs of the domain controllers to ... By default logging of account ... Comb can be used to scan domain computers for that account lockout event. ...
    (microsoft.public.windows.server.security)
  • Re: Who disabled this account?
    ... Then enable auditing of account management in the Domain Controller Security ... Policy and look in the security logs of the domain controllers for Event ID 629. ...
    (microsoft.public.win2000.security)
  • Re: Prove someone logged in
    ... Auditing of account logon will have to be first enabled in Domain Controllers ... Security Policy and then you will have to look in the security logs of the domain ...
    (microsoft.public.win2000.security)