Re: Access denied for non-admins to remotely access app and sys logs
- From: "Mark Heitbrink [MVP]" <spam-only@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 23 Oct 2007 18:15:16 +0200
Hi,
Paul DiGiorgio schrieb:
I am trying to set up a GPO to allow a support team to access events logs
on a large group of servers. The support team are not administrators on the
servers. When they log in locally, they can view all three event logs. When
they connect remotely through Computer Manager, they receive 'access denied'
on the app and sys logs.
This is a problem that came up with 2003 SP1. MS did a hardening on
the remote access.
http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
If you can create the needed SDDI syntax, I can supply a ADM Template
to deploy it, I think it is easier than using the Security Template
mentioned in the article.
http://www.gruppenrichtlinien.de/adm/eventlogpermissions.txt
The Default Value in the Template is the Default security setting defined
by MS since SP1.
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
.
- Prev by Date: Re: Stand-alone (non-networked) computer - restrict one account but not another
- Next by Date: Re: Applying user object policy (filtering based on computer location)
- Previous by thread: Stand-alone (non-networked) computer - restrict one account but not another
- Next by thread: Re: Unable to download Windows 2000 ,3-pack update.ERROR CODE 0x802400
- Index(es):
Relevant Pages
|
