Re: Reading Security Event Logs with Service Account
- From: "Martin X." <martin@xxx>
- Date: Fri, 16 Nov 2007 16:00:31 -0500
I never tried that myself, but it looked like it "should" work. Anyway,
after you did all that, were you able to log on with the service account and
view the security log? If you can't using that method, then it will probably
prevent you from doing it via WMI also.
Have you tried adding the service account to one of the built-in groups,
Backup Operators or Server Operators? That will give the account more
rights/permissions than it really needs, but it's still not an admin. Other
than that I'm not sure what else you could try.
--
Regards,
Martin X.
Microsoft Certified Systems Administrator: Messaging
Philadelphia, Pennsylvania, USA
"Randy B" <RandyB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:114253C1-BC2E-4B25-A1D5-A52EB1EB30B5@xxxxxxxxxxxxxxxx
Thanks, Martin. I have tried the following based upon several other posts
from different forums and none of them have worked. My user is a service
account in the Domain Users group.
- Grant Manage auditing and security log
- Grant Impersonate a client after authentication
- Allow log on locally
- Back up files and directories
- Add user to Event Log registry hive with full permission
Any other suggestions?
"Martin X." wrote:
Try this: Go to Start > Run > secpol.msc > enter. The Local Security
Settings MMC will open. Go to Local Policies > User Rights Assignment > in
the right pane will be Manage auditing and security log. If you add the
account you created to that, it should be able to access the logs through
any means, interactively or via scripting with WMI. If that works ok with
your app, then set that in the GPO for the OU where the servers are. I
would
suggest creating a domain-level group and then giving that group the
rights.
Add the user account to that group afterwards.
--
Regards,
Martin X.
Microsoft Certified Systems Administrator: Messaging
Philadelphia, Pennsylvania, USA
"Randy B" <Randy B@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF1AF5CF-5C39-4FC8-A3A4-5326F71751B9@xxxxxxxxxxxxxxxx
I have a log aggregation application that uses WMI to monitor security
event
logs on Windows servers. The documentation says it requires a domain admin
account or local administrator account for access to the security logs,
but
I
would like to use the concept of "least privelege" and use a service
account
instead with only the minimum rights and priveleges needed. What would I
need
to grant to this service account on Windows Server 2003 SP1 and SP2 to
allow
the application to query the security event logs using WMI for all my
servers
(domain controllers, member servers, and workgroup servers)?
Thanks!
.
- References:
- Re: Reading Security Event Logs with Service Account
- From: Martin X.
- Re: Reading Security Event Logs with Service Account
- Prev by Date: Re: Folder permissions help
- Next by Date: Re: Reading Security Event Logs with Service Account
- Previous by thread: Re: Reading Security Event Logs with Service Account
- Next by thread: Re: Reading Security Event Logs with Service Account
- Index(es):
Relevant Pages
|
|
