Re: Subject: Security Event Log reading by Domain Users
From: Gera (gera_nospam_at_lu.lt)
Date: 07/14/04
- Next message: kl: "NEW TOOL: SMAC-CL 1.0, Console App for modifying MAC addresses"
- Previous message: troy: "httpodbc.dll infected with Nimda"
- In reply to: Joe Richards [MVP]: "Re: Subject: Security Event Log reading by Domain Users"
- Next in thread: Joe Richards [MVP]: "Re: Subject: Security Event Log reading by Domain Users"
- Reply: Joe Richards [MVP]: "Re: Subject: Security Event Log reading by Domain Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jul 2004 10:45:48 +0300
Thanks for the response.
The point is, our "program" is a SQL script run through Microsoft Log Parser.
Is it possible to solve the problem in this case (using MS LP and any Windows settings),
or will we need to rewrite an app in C++ using WinAPI functions?
Thanks,
-- Gera

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message news:ekVsJLOaEHA.3716@TK2MSFTNGP11.phx.gbl...
> Security logs are locked off from non-admins by default. You only need to add
> Manage Auditing and Security Log right to see them, however that means that
> account will also be able to clear the security log. In XP and 2K3 you can get
> more granular and just offer read.
>
> However your next issue is because the program can't read the Message Library or
> the registry entries involved. It has been a long time since I wrote event log
> code but if you are using the standard OpenEventLog/ReadEventLog and then using
> FormatMessage you will need to redirect the library from which you do the
> LoadLibrary for the message IDs OR open up the security to the message
> library on the remote machine.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
> Gera wrote:
> > Is it possible to normally read Sec. Event Log under Domain User account?
> > We wrote a simple application which reads 538, 540, 528, etc. events and counts them.
> > Under administrative account it works fine, but under Domain User can't open sec. log.
> > Adding a "Manage auditing and sec. log" and "Act as the part of oper. system" settings via GP
> > permits to view sec. log, but events are read like
> > "The description for Event ID ( 538 ) in Source ( Security ) cannot be found. The local computer may
> > not have the necessary registry information or message DLL files to display messages from a remote
> > computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and
> > Support for details. The following information is part of the event: pmtest; COMPANY; (0x0,0x5A968);
> > 11."
> > Thus, our software doesn't work - it can't read the events.
> >
> > I added all possible rights to the Domain User account, from "Create a Token Object" to "Generate
> > Security audits", but no luck.
> > I heard that domain user account may need some rights to read some reg. key with Event Log message
> > library, but I don't know which exactly...
> >
> > Is it possible to make this work?
> >
> > Thanks,
> > Gera, MCSE
> > MGBaltic
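Added example, not part of either post and not Log Parser or WinAPI code: the fallback text quoted in the thread still carries the event ID and the raw insertion strings, so 528/538/540 events can be counted without access to the message library. The function names and all sample lines except the first (taken from the post) are constructed, and the four field names assume the usual 528/538/540 string order seen in that sample.

```python
import re
from collections import Counter

# Text produced when the message DLL for the event source cannot be loaded.
FALLBACK = re.compile(
    r"The description for Event ID \(\s*(?P<id>\d+)\s*\) in Source \(\s*(?P<src>[^)]+?)\s*\)"
    r" cannot be found\..*?The following information is part of the event:\s*(?P<strings>.*)"
)
# Assumed order of the first four insertion strings (matches the sample in the post).
LOGON_FIELDS = ("user", "domain", "logon_id", "logon_type")
LOGON_EVENTS = {528, 538, 540}

def parse_fallback(description):
    """Return (event_id, source, insertion_strings), or None for a normally formatted message."""
    text = " ".join(description.split())          # undo line wrapping
    m = FALLBACK.search(text)
    if not m:
        return None
    raw = m.group("strings")
    if raw.endswith("."):                         # the fallback text ends with a period
        raw = raw[:-1]
    # Caveat: an insertion string that itself contains ';' would be split here.
    return int(m.group("id")), m.group("src"), [s.strip() for s in raw.split(";")]

def summarize(descriptions):
    """Count Security logon/logoff events and collect their first four fields."""
    counts, logons = Counter(), []
    for text in descriptions:
        parsed = parse_fallback(text)
        if parsed is None:
            continue
        event_id, source, strings = parsed
        if source != "Security" or event_id not in LOGON_EVENTS:
            continue
        counts[event_id] += 1
        if len(strings) >= len(LOGON_FIELDS):
            logons.append(dict(zip(LOGON_FIELDS, strings), event_id=event_id))
    return counts, logons

def _fallback(event_id, source, strings):
    # Builds constructed sample text in the same shape as the message in the post.
    return ("The description for Event ID ( %d ) in Source ( %s ) cannot be found. The local\n"
            "computer may not have the necessary registry information or message DLL files.\n"
            "The following information is part of the event: %s." % (event_id, source, strings))

SAMPLES = [
    _fallback(538, "Security", "pmtest; COMPANY; (0x0,0x5A968);\n11"),       # from the post
    _fallback(540, "Security", "jdoe; COMPANY; (0x0,0x6B001); 3; Kerberos"),  # constructed
    _fallback(538, "Security", "jdoe; COMPANY; (0x0,0x6B001); 3"),            # constructed
    _fallback(7035, "Service Control Manager", "Spooler; start"),             # constructed
    "User Logoff: User Name: pmtest Domain: COMPANY",                         # constructed
]
```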