Jump to content


Photo

ALE: Permissions to read DC security log


  • Please log in to reply
4 replies to this topic

#1 Nir

Nir

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 16 October 2013 - 09:47 AM

Hi all,

Can anyone please tell me which permissions I need to read the DC security logs?
I don't want to use a domain admin as service user.

Many thanks
Nir.

Edit: I added the service user to the "Manage auditing and security log" policy in the default domain controller policy and the error changed from
"Access is Denied. (Exception from HRESULT: 0x800700005 (E_ACCESSDENIED))"
to a simple
"Access denied"
So, I guess thats a start...

I also tried the domain builtin groups "Performance Log Users" and "Event log Readers" but that didn't change anything.

#2 Nir

Nir

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 16 October 2013 - 10:13 AM

OK, i've finally found this one: http://www.netwrix.com/kb/1396 ;)

I'm getting now an OK for the Connection but Audit Status is still on "Access is denied"... any ideas?

Thanks
Nir.

#3 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 16 October 2013 - 12:50 PM

Nir,

Just responded to your other forum thread a few minutes ago. :)

-Jeff

#4 Nir

Nir

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 16 October 2013 - 02:42 PM

Thanks Jeff

but this one is a completely different problem. Hope you can help me with this one too.
I did everything according to the KB and restarted DC and ALE multiple times, but something seems to be missing to access the audit log. "Connection" is reported as OK, but "Audit Status" says Access denied...:( it works fine as Domain Admin. So I guess some permissions must still be missing.

Nir.

#5 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 16 October 2013 - 05:05 PM

Nir,

The account probably doesn't have the permissions to check auditing or collect data from the security event log. There is a list of permissions the service account MUST have in the following KB: http://www.netwrix.com/kb/1396

-Jeff




0 user(s) are reading this topic

0 members, guests, anonymous users