Q

Can a security administrator be granted exclusive access to a Windows 2000 security log?

A security manager can gain exclusive access to Windows 2000 security logs and allow limited access to his or her support staff, but not without complicating the security process. SearchSecurity.com's identity management and access control expert, Joel Dubin explains the accessibility options of Windows 2000 security logs.

Is there a way to provide the security manager with exclusive and complete access to the security log of Windows 2000, but grant "read-only" access rights to the support staff?

Unfortunately, in Windows 2000, access to the security logs is all or nothing. Any user, including an administrator, that has the right to view the security log also has the right to modify, filter or delete entries within it.

The setting allowing log access is found in the Group Policy Objects (GPO) of the domain controller. It can also be set in the local security policy of individual workstations and servers. By default, only administrators have rights to manage auditing and security logs.

A possible workaround, though a bit complicated and restrictive to your staff, would be to create two groups: one for your security manager as an administrator and another group for your support staff as users for the Windows 2000 boxes. All the events in the logs have corresponding objects that can be accessed programmatically by Active Server Pages (ASP) or .NET. The status of these objects can be picked out by an ASP or .NET script and displayed on a Web site set up on your corporate Intranet, but can only be accessible to your support staff.

The problem with this approach is that the Web site would have to be set up either by your company's developers, or by someone else with serious programming or scripting experience. Your support staff, who wouldn't have admin accounts, would also have limited access to systems they might need to oversee.

More information:

  • Learn how to make your security log-reviewing efforts a success every time.
This was first published in October 2006
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close