Access denied for non-admins to remotely access app and sys logs

G

Guest

I am trying to set up a GPO to allow a support team to access events logs
on a large group of servers. The support team are not administrators on the
servers. When they log in locally, they can view all three event logs. When
they connect remotely through Computer Manager, they receive 'access denied'
on the app and sys logs.

I have already granted the support group the user right 'Manage auditing
and security log', and they are able to view the sec log remotely through
Computer Manager.

Please help me resolve this issue. Thank you in advance...
Paul
 
G

Guest

So I found the 'magic' SDDL. once I put this in place, non-admin accounts
are able to access the App and Sys logs:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;AU)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Access denied for non-admins to remotely access app and sys logs 1
Access is Denied to Event Viewer logs 6
Access is Denied to Event Viewer logs 3
WMI: Access Denied. SeSecurityPrivilege failure. 0
Access denied to remote XP Event Logs through Computer Manager 3
Acess to Event Viewer on Windows 2003 Domain Controllers? 3
Access Event Viewer remotely 3
Domain Admins can't manage computers 3

Top