Allow non Admins Read access to EventLog
I would advise use of the script in the first instance.
Manual Method
Identify the SID for the pre-Windows 2000 group name (using the SID vice versa tool)
Using regedit on the server, navigate to the following registry key
HKLM\System\CurrentControlSet\Services\Eventlog\Application
Edit the CustomSD registry value and append
(A;;0x1;;;XXXXXXXXXXXX) where XXXXXXXXXXXX is the obtained SID
Scripted Method
' *******************************************************
' *
' * Script : AddEventLogSecurity.vbs
' *
' * Purpose : Set read permissions for event log on remote server.
' *
' *
' *******************************************************
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
strUser = InputBox("Enter user name:")
strDomain = "UK"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
On Error Resume Next
' Look up the account to obtain its SID
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='" & strUser & "',Domain='" & strDomain & "'")
If Err.Number <> 0 Then
    MsgBox("ERROR: Invalid username.")
    WScript.Quit
End If
MsgBox("Found user " & strUser & " SID (" & objAccount.SID & ")")
strServer = InputBox("Enter server name:")
strEventLog = InputBox("Enter event log name: eg. Application")
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer & "\root\default:StdRegProv")
On Error Resume Next
' Get String Current Value
' StdRegProv methods report failure through their return code (0 = success)
strKeyPath = "SYSTEM\CurrentControlSet\Services\Eventlog\" & strEventLog
strValueName = "CustomSD"
lngResult = oReg.GetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue)
' Stop if the value could not be read; writing a bare ACE would replace the descriptor
If Err.Number <> 0 Or lngResult <> 0 Or IsNull(strValue) Or IsEmpty(strValue) Then
    MsgBox("ERROR: Invalid application log name or insufficient rights to complete operation.")
    WScript.Quit
End If
' Append an allow ACE granting read access (0x1) to the account's SID
strValue = strValue & "(A;;0x1;;;" & Trim(objAccount.SID) & ")"
lngResult = oReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue)
If Err.Number <> 0 Or lngResult <> 0 Then
    MsgBox("ERROR: Invalid application log name or insufficient rights to complete operation.")
    WScript.Quit
Else
    MsgBox("Completed successfully.")
    WScript.Quit
End If
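Both methods edit the CustomSD string by hand, so a check of the string before it is written back is useful. The following Python is an added example, not part of the original post: it parses the DACL of a CustomSD value, lists which trustees already have read access, and appends the read ACE only when the descriptor is well formed and the SID is not already present. The function names, the sample descriptor and the sample SID are constructed for illustration.

```python
import re

# Event log access bits used in CustomSD: read, write, clear
ELF_READ, ELF_WRITE, ELF_CLEAR = 0x1, 0x2, 0x4

SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")
# DACL section: "D:", optional flags, then one or more parenthesised ACEs
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")


def parse_dacl(custom_sd):
    """Return the DACL's ACEs as (type, rights, trustee) tuples."""
    m = DACL_RE.search(custom_sd or "")
    if not m:
        raise ValueError("no DACL found; refusing to work on this value")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6:  # e.g. "A::0x1;;;SID" typed with colons
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inh, trustee = fields
        aces.append((ace_type, int(rights, 16), trustee))  # hex rights only
    return aces


def readers(custom_sd):
    """Trustees holding an allow ACE that includes the read bit."""
    return [t for typ, r, t in parse_dacl(custom_sd) if typ == "A" and r & ELF_READ]


def append_read_ace(custom_sd, sid):
    """Return custom_sd with a read-only allow ACE for sid added to the DACL."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID string: %r" % sid)
    if sid in readers(custom_sd):          # already granted: change nothing
        return custom_sd
    end = DACL_RE.search(custom_sd).end()  # end of DACL, before any SACL
    return custom_sd[:end] + "(A;;0x1;;;%s)" % sid + custom_sd[end:]


# Constructed sample in the CustomSD format; the SID below is made up
SAMPLE_SD = "O:BAG:SYD:(D;;0xf0007;;;AN)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;IU)"
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"

if __name__ == "__main__":
    updated = append_read_ace(SAMPLE_SD, SAMPLE_SID)
    print(updated)
    print(readers(updated))
```

Running `readers()` over the value read from each log's key also gives a quick audit of which SIDs have been granted read access over time.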
Microsoft Article
The following Microsoft article details the process in depth: 323076