Re: Remote Event Log



Thanks,

I think it's gonna solve my problem. I tried your adm file, but when I add
it, I only see the category, but no entry in gpedit!

Simon

"Mark Heitbrink [MVP]" wrote:

Hi,

simonm wrote:
I have a domain controller running W2K3 R2 with several XP machines on
the domain. I have a service running as SYSTEM on those XP boxes that can start
processes. I need to set up the policy and permission on the controller so
those processes (running as SYSTEM) can create remote events on the controller
in my custom event log. It was working on a different setup where the
controller was a W2K box!

It's because of the change in security to eventlog announced in W2K3 SP1.

It can be changed by security template
http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
.... not my favorite, because you need to change it locally on every
client/server, where you want to "see" or "change" the setting.
(even if you do not see it, it is still active ...)

or my favorite: Doing it by ADM Template
because it is universal and in my opinion more flexible.

You can manipulate the "CustomSD" manually of course, but if it is
more than one server it would be easier with a policy.

My guess: The actual permissions on your eventlog are:
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

Change (A;;0xf0007;;;SY) to (A;;0x3;;;SY) to give read/write access.

If this doesn't help, you can extend this list and add a self-created
security group and run the service with a member of this group.

An ADM could look like this:
---- eventlogperm.adm ----
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
CLASS MACHINE ;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

CATEGORY "Eventlog Permissions"

POLICY "My Eventlog"
KEYNAME "System\CurrentControlSet\Services\Eventlog\NameofEventlog"
PART "Permissions on NameofEventlog" EDITTEXT
DEFAULT "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)"
VALUENAME CustomSD
END PART
END POLICY

END CATEGORY

; Change the Keyname to your settings ...
; the Default is the MS Default setting. Add/change it ...
---- eventlogperm.adm ----


Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
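
Added example, not part of the original posts: a small Python decoder for the CustomSD string quoted above, using the event-log access bits 0x1 (read), 0x2 (write) and 0x4 (clear), that also evaluates which of those rights a given set of token SIDs ends up with. The two tokens used at the end are constructed samples; which SIDs a remote caller actually presents is an assumption to verify on the controller.

```python
import re

# Event-log access bits (0x1 read, 0x2 write, 0x4 clear) plus the standard
# rights that make up the 0xf0000 part of masks such as 0xf0007.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear", 0x10000: "DELETE",
          0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
# SDDL trustee abbreviations that appear in the posted string.
TRUSTEES = {"AN": "Anonymous", "BG": "Builtin Guests", "SY": "Local System",
            "BA": "Builtin Administrators", "SO": "Server Operators",
            "IU": "Interactive", "SU": "Service", "S-1-5-3": "Batch"}
# One ACE: (type;flags;rights;object_guid;inherit_guid;trustee)
ACE_RE = re.compile(r"\(([AD]);[^;]*;(0x[0-9a-fA-F]+);[^;]*;[^;]*;([^)]+)\)")

# The CustomSD value quoted in the post.
DEFAULT_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
              "(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)")

def parse_custom_sd(sddl):
    """Return allow/deny ACEs as (type, mask, trustee); hex masks only."""
    return [(t, int(m, 16), sid) for t, m, sid in ACE_RE.findall(sddl)]

def describe(mask):
    """Names of the rights set in an access mask."""
    return [name for bit, name in RIGHTS.items() if mask & bit]

def effective_rights(aces, token_sids):
    """Walk the ACEs in order: a deny ACE blocks only bits not granted yet."""
    granted = denied = 0
    for ace_type, mask, trustee in aces:
        if trustee not in token_sids:
            continue
        if ace_type == "A":
            granted |= mask & ~denied
        else:
            denied |= mask & ~granted
    return describe(granted & 0x7)

if __name__ == "__main__":
    for ace_type, mask, trustee in parse_custom_sd(DEFAULT_SD):
        verb = "allow" if ace_type == "A" else "deny"
        print(f"{verb:5} {TRUSTEES.get(trustee, trustee):22} {describe(mask)}")
    # Constructed tokens: a local SYSTEM caller, and a caller presenting only
    # Authenticated Users (AU) and Network (NU), which no ACE above names.
    print(effective_rights(parse_custom_sd(DEFAULT_SD), {"SY"}))
    print(effective_rights(parse_custom_sd(DEFAULT_SD), {"AU", "NU"}))
```

Run against an edited string before pushing it through the ADM policy to confirm that the account or group the service uses matches an allow ACE and no earlier deny ACE.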
