So you have a couple of choices, the one with the most security is that you
dump the log (in either EVT or TXT format) and then give it to the person
to review offline. The EVT file will only show SIDs for users and objects
if the computer viewing the files does not have access to your domain (this
translation is done by Event Viewer on the fly). If you dump in TXT format
it dumps the friendly names.
Second option is to grant the user the right to "Manage auditing
and security log". This lets them do what they want in terms of viewing but
they can also delete which you don't want, these roles are not separable so
if you get read you get edit as well as other rights.
For 2003 this gets much easier (sort of) as you can use SDDL to grant only
read access:
323076 How to set event log security locally or by using Group Policy in
http://support.microsoft.com/?id=323076
--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP
This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
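
To check that an SDDL string of the kind the post refers to really grants read only, here is an added example (not part of the original post or the KB article) that walks the DACL in order and reports the event log rights a given set of SIDs ends up with. The SDDL string and the reviewer SID are constructed samples; the mask bits 0x1 (read), 0x2 (write) and 0x4 (clear) are the event log access rights, and `CustomSD` is the registry value that holds such a string on Windows Server 2003.

```python
import re

# Event log access-mask bits: 0x1 read, 0x2 write, 0x4 clear.
ELF_READ, ELF_WRITE, ELF_CLEAR = 0x1, 0x2, 0x4
NAMES = ((ELF_READ, "read"), (ELF_WRITE, "write"), (ELF_CLEAR, "clear"))

# Constructed sample: a Security log CustomSD value with one extra
# read-only ACE appended for a hypothetical reviewer account.
REVIEWER = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_SDDL = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
               "(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;" + REVIEWER + ")")

def parse_dacl(sddl):
    """Return (ace_type, mask, trustee) for each ACE in the DACL, in order."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL in SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: " + body)
        ace_type, _flags, rights, _obj, _inh, trustee = fields
        aces.append((ace_type, int(rights, 0), trustee))  # numeric masks only
    return aces

def granted(sddl, token_sids):
    """Evaluate ACEs in order for a set of SIDs; earlier ACEs win per bit."""
    allowed = denied = 0
    for ace_type, mask, trustee in parse_dacl(sddl):
        if trustee not in token_sids:
            continue
        if ace_type == "A":
            allowed |= mask & ~denied
        elif ace_type == "D":
            denied |= mask & ~allowed
    return allowed

def describe(mask):
    """Names of the event log rights present in an access mask."""
    return [name for bit, name in NAMES if mask & bit]

if __name__ == "__main__":
    for who in ({REVIEWER}, {"BA"}, {"BG", REVIEWER}):
        print(sorted(who), describe(granted(SAMPLE_SDDL, who)))
```

Trustees are matched exactly as written in the string (for example `BA`), so pass group memberships in the same form the ACEs use.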