?
-
I know this question has been asked before but I haven't been able to find
an answer. How can an administrator prevent non-administrator view access
to the event logs? The policy only references preventing the guest account.
I want only a DA to see the App/Sys/NTFRS/NTDS/DNS & of course security
event logs. The security event logs are truly locked down to only
administrators, but how can one do the same thing for the other event logs.
Seeing the even the non-security logs is in itself a security breach.
Do I have to use NTFS ACL's on the files? Is that the only way?
an answer. How can an administrator prevent non-administrator view access
to the event logs? The policy only references preventing the guest account.
I want only a DA to see the App/Sys/NTFRS/NTDS/DNS & of course security
event logs. The security event logs are truly locked down to only
administrators, but how can one do the same thing for the other event logs.
Seeing the even the non-security logs is in itself a security breach.
Do I have to use NTFS ACL's on the files? Is that the only way?