Access denied for non-admins to remotely access app and sys logs

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am trying to set up a GPO to allow a support team to access events logs
on a large group of servers. The support team are not administrators on the
servers. When they log in locally, they can view all three event logs. When
they connect remotely through Computer Manager, they receive 'access denied'
on the app and sys logs.

I have already granted the support group the user right 'Manage auditing
and security log', and they are able to view the sec log remotely through
Computer Manager.

Please help me resolve this issue. Thank you in advance...
Paul
 
So I found the 'magic' SDDL. once I put this in place, non-admin accounts
are able to access the App and Sys logs:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;AU)
 
Back
Top