Unfortunately, in Windows 2000, access to the security logs is all or nothing. Any user, including an administrator, who has the right to view the security log also has the right to modify, filter or delete entries within it.
The setting allowing log access is found in the Group Policy Objects (GPO) of the domain controller. It can also be set in the local security policy of individual workstations and servers. By default, only administrators have rights to manage auditing and security logs.
A possible workaround, though a bit complicated and restrictive to your staff, would be to create two groups: one for your security manager as an administrator and another group for your support staff as users for the Windows 2000 boxes. All the events in the logs have corresponding objects that can be accessed programmatically by Active Server Pages (ASP) or .NET. An ASP or .NET script can read the status of these objects and display it on a Web site set up on your corporate intranet that is accessible only to your support staff.
The problem with this approach is that the Web site would have to be set up either by your company's developers, or by someone else with serious programming or scripting experience. Your support staff, who wouldn't have admin accounts, would also have limited access to systems they might need to oversee.
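A sketch of the read-only view described above, as an added example that is not part of the original answer. It assumes a .NET runtime recent enough to provide System.Net.WebUtility, a hypothetical group named CORP\LogReviewers, and a hosting process whose account already holds the right to read the security log; the row limit is also illustrative.

```csharp
// Added example: read-only Security log view for a non-admin reviewer group.
// The group name and row limit below are hypothetical.
using System;
using System.Diagnostics;
using System.Net;
using System.Security.Principal;
using System.Text;

public static class SecurityLogView
{
    const string ReviewerGroup = @"CORP\LogReviewers"; // hypothetical group
    const int MaxRows = 200;                           // illustrative limit

    // Returns an HTML table of the newest entries. The code path only reads;
    // nothing here calls Clear() or writes to the log.
    public static string Render(IPrincipal caller)
    {
        if (caller == null || !caller.Identity.IsAuthenticated
            || !caller.IsInRole(ReviewerGroup))
            throw new UnauthorizedAccessException("Caller is not a log reviewer.");

        var html = new StringBuilder("<table><tr><th>Time</th><th>Type</th>"
            + "<th>Event ID</th><th>Source</th><th>User</th><th>Message</th></tr>");
        using (var log = new EventLog("Security"))
        {
            EventLogEntryCollection entries = log.Entries;
            int last = entries.Count - 1;
            for (int i = last; i >= 0 && i > last - MaxRows; i--)
            {
                EventLogEntry e = entries[i];
                html.Append("<tr>")
                    .Append(Cell(e.TimeGenerated.ToString("u")))
                    .Append(Cell(e.EntryType.ToString())) // SuccessAudit / FailureAudit
                    .Append(Cell((e.InstanceId & 0xFFFF).ToString()))
                    .Append(Cell(e.Source))
                    .Append(Cell(e.UserName))
                    .Append(Cell(e.Message))
                    .Append("</tr>");
            }
        }
        return html.Append("</table>").ToString();
    }

    // Log fields can carry user-supplied strings (account names, workstation
    // names), so every value is HTML-encoded before it reaches the browser.
    static string Cell(string value)
    {
        return "<td>" + WebUtility.HtmlEncode(value ?? "") + "</td>";
    }

    public static void Main()
    {
        Console.WriteLine(Render(new WindowsPrincipal(WindowsIdentity.GetCurrent())));
    }
}
```

In a Web deployment the caller would be the authenticated site user rather than the process identity used in Main.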