Re: Reading Security Event Logs with Service Account

Randy,
There are a few interesting articles on this:
http://blogs.msdn.com/ericfitz/archive/2006/03/01/541462.aspx
http://support.microsoft.com/default.aspx?kbid=323076
Hope that helps,
Anthony, http://www.airdesk.co.uk

"Randy B" <RandyB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:114253C1-BC2E-4B25-A1D5-A52EB1EB30B5@xxxxxxxxxxxxxxxx
Thanks, Martin. I have tried the following based upon several other posts
from different forums and none of them have worked. My user is a service
account in the Domain Users group.
- Grant Manage auditing and security log
- Grant Impersonate a client after authentication
- Allow log on locally
- Back up files and directories
- Add user to Event Log registry hive with full permission

Any other suggestions?

"Martin X." wrote:

Try this: Go to Start > Run > secpol.msc > enter. The Local Security
Settings MMC will open. Go to Local Policies > User Rights Assignment >
in
the right pane will be Manage auditing and security log. If you add the
account you created to that, it should be able to access the logs through
any means, interactively or via scripting with WMI. If that works ok with
your app, then set that in the GPO for the OU where the servers are. I
would
suggest creating a domain-level group and then giving that group the
rights.
Add the user account to that group afterwards.

--
Regards,

Martin X.
Microsoft Certified Systems Administrator: Messaging
Philadelphia, Pennsylvania, USA

"Randy B" <Randy B@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF1AF5CF-5C39-4FC8-A3A4-5326F71751B9@xxxxxxxxxxxxxxxx
I have a log aggregation application that uses WMI to monitor security
event
logs on Windows servers. The documentation says it requires a domain
admin
account or local administrator account for access to the security logs,
but
I
would like to use the concept of "least privelege" and use a service
account
instead with only the minimum rights and priveleges needed. What would I
need
to grant to this service account on Windows Server 2003 SP1 and SP2 to
allow
the application to query the security event logs using WMI for all my
servers
(domain controllers, member servers, and workgroup servers)?

Thanks!





.

Relevant Pages

  • Re: Reading Security Event Logs with Service Account
    ... Have you tried adding the service account to one of the built-in groups, ... Thanks, Martin. ... Grant Manage auditing and security log ... then set that in the GPO for the OU where the servers are. ...
    (microsoft.public.windows.server.security)
  • Re: Reading Security Event Logs with Service Account
    ... the right pane will be Manage auditing and security log. ... then set that in the GPO for the OU where the servers are. ... Add the user account to that group afterwards. ... logs on Windows servers. ...
    (microsoft.public.windows.server.security)
  • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
    ... Everytime I attempt to login under Basic Authentication, ... IUSR_blah account. ... the anonymous user impersonated by the IIS Server is the ... > Event Viewer Security log. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... The Application Servers are load balanced clustered, ... HostHeader names in IIS, it has a CNAME in DNS referencing ... Only account A has access to database DB-A ...
    (microsoft.public.inetserver.iis.security)
  • Re: Forest to Child -- Permissions
    ... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ...
    (microsoft.public.windows.server.dns)