Access denied for non-admins to remotely access app and sys logs

[Guest]

I am trying to set up a GPO to allow a support team to access events logs
on a large group of servers. The support team are not administrators on the
servers. When they log in locally, they can view all three event logs. When
they connect remotely through Computer Manager, they receive 'access denied'
on the app and sys logs.

I have already granted the support group the user right 'Manage auditing
and security log', and they are able to view the sec log remotely through
Computer Manager.

Please help me resolve this issue. Thank you in advance...
Paul

BTW - I have also posted this in Microsoft.public.win2000.security

 

[Mark Heitbrink [MVP]]

Hi,

I am trying to set up a GPO to allow a support team to access events logs
on a large group of servers. The support team are not administrators on the
servers. When they log in locally, they can view all three event logs. When
they connect remotely through Computer Manager, they receive 'access denied'
on the app and sys logs.

This is a problem that came up with 2003 SP1. MS did a hardening on
the remote access.

http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

If you can create the needed SDDI syntax, I can supply a ADM Template
to deploy it, I think it is easier than using the Security Template
mentioned in the article.
http://www.gruppenrichtlinien.de/adm/eventlogpermissions.txt

The Default Value in the Template is the Default security setting defined
by MS since SP1.

Mark