Re: Event Viewer Security in Windows 2003
From: Jim (jkwe_at_chevron.com)
Date: 09/16/03
- Next message: Boyd Benson [MS]: "Re: Does IPsec encrypt local communication"
- Previous message: bj daniels: "Re: Windows update problems"
- In reply to: DeWayne Gibson: "Re: Event Viewer Security in Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 Sep 2003 16:47:36 -0700
That does the trick - don't need any of the other stuff I did.
It seems to be referenced in Q323076
These steps worked for me:
Create a new group
Use getsid to find the sid of the group
Append this string to the end of each event log's customsd entry:
(A;;0x1;;;S-1-5-21-3302999696-2923453001-1789000803-1003)
Where A=grant access, 0x1=Read access, and the sid is the sid for my
newly created group. D in the first spot would be Deny and 0x7 would
be full access (read, write, clear).
Thanks,
Jim
"DeWayne Gibson" <dewayne@TAKEOUTaracnetSPAM.com> wrote in message news:<O#S#zTXeDHA.2172@TK2MSFTNGP09.phx.gbl>...
> Not sure if this will help you, but I found this information that will open
> up the Application log by importing in the following registry entry (I
> haven't tried it on the Sytstem log, but it would probably work the same):
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
>
> "CustomSD"="O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;
> ;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;
> ;AU)"
>
>
>
> DeWayne
>
<excess snipped>
- Next message: Boyd Benson [MS]: "Re: Does IPsec encrypt local communication"
- Previous message: bj daniels: "Re: Windows update problems"
- In reply to: DeWayne Gibson: "Re: Event Viewer Security in Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
