Deploying rights to read security event logs

[Jazzgeek]

Hi, I have a small firm in that we have few nodes in the network, in that I have to delegate some rights to the user so they can read the different logs regarding the security, so I know we can do it by giving them the admin rights, but is there other way so make then read without giving them permission. Because as the admin has the full authority for making any change in the system, so simply avoiding the miss use I want to do this. Any suggestion?

[teenQ]

Yeah, there is the way, the easiest way for doing that is by giving the user authorization for managing the auditing and security logs. This you’ll find under the user rights assignment, thus you can simply gives the rights as well as the admin will be free. It also allows the user account to clear the log as per the permission is given to them. You can give them the read only rights so that can only see the logs, thus you can prevent them from changing the logs.

[Visala28]

Other way I would like to suggest you to is, you can do this without giving them the administrative rights, but for that first of all you need to find SID of the person in the DA, after getting it you have to customize the registry values, it will increase the person specific permissions for reading as well as writing. This is depending upon what kind of permission you give to them. The values looks like “A;; 0x1;;; SID”. Copy the value that you get in default domain group policy. Here I am mentioning the directory. ”\ Windows Settings \ Security Settings \ Local Policies \ Security Options \ "Event log: Security descriptor for application event log " option to apply it.

[Sabastiaan]

As the logs are important part of operating system because it contains records of system and network security, you need to protect from breaches of their confidentiality and integrity. So for I would rather recommend you not to give permission to the user instead you can make the details available to them. So they can eventually can’t change the Log as well as destruction can be avoided.

[Candace]

You can have the another option like if as you have mentioned that you access as a admin, you can give the different permission to the different user like, there are too many rights regarding reading something, you have rights to avoid such a general user to to make any change in the log, as its security log it may contains some confidential information too, about the log in name and passwords of the different accounts. thus is you provide only read only rights to any particular user than it can not change the log.