Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > Can a security administrator be granted exclusive access to a Windows 2000 security log?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Can a security administrator be granted exclusive access to a Windows 2000 security log?

Joel Dubin EXPERT RESPONSE FROM: Joel Dubin

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 28 September 2006
Is there a way to provide the security manager with exclusive and complete access to the security log of Windows 2000, but grant "read-only" access rights to the support staff?

>
EXPERT RESPONSE
Unfortunately, in Windows 2000, access to the security logs is all or nothing. Any user, including an administrator, that has the right to view the security log also has the right to modify, filter or delete entries within it.

The setting allowing log access is found in the Group Policy Objects (GPO) of the domain controller. It can also be set in the local security policy of individual workstations and servers. By default, only administrators have rights to manage auditing and security logs.

A possible workaround, though a bit complicated and restrictive to your staff, would be to create two groups: one for your security manager as an administrator and another group for your support staff as users for the Windows 2000 boxes. All the events in the logs have corresponding objects that can be accessed programmatically by Active Server Pages (ASP) or .NET. The status of these objects can be picked out by an ASP or .NET script and displayed on a Web site set up on your corporate Intranet, but can only be accessible to your support staff.

The problem with this approach is that the Web site would have to be set up either by your company's developers, or by someone else with serious programming or scripting experience. Your support staff, who wouldn't have admin accounts, would also have limited access to systems they might need to oversee.

More information:

  • Learn how to make your security log-reviewing efforts a success every time.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Identity Management and Access Control
    Should a new user have to confirm his or her email address before gaining access?
    Can home PCs provide a way for viruses and spyware to enter a corporate LAN?
    What should an enterprise look for in a password token, and in a vendor?
    Is it possible to write a batch file that allows user access to the local admin group for a short time?
    IAM best practices for employees with varying degrees of access to the same computer
    What are some good pre-boot biometric user authentication tools or strategies?
    If the encryption on the Mifare Classic RFID has been cracked, are smart cards insecure?
    How does the Group Policy Object interact with the 'Password Never Expires' flag?
    How do RFID-blocking passport wallets work?
    What are the benefits of identity managed as a service?

    Creating and Managing Information Security Policies
    IT security not valued at many firms, study finds
    Sound compliance policies, practices reduce legal costs
    Exploring Microsoft's Network Access Protection policy options
    IAM best practices for employees with varying degrees of access to the same computer
    How to avoid DLP implementation pitfalls
    What's your advice for getting other business units to contribute to crafting an effective information security policy?
    Security Awareness Training Essential Part of Infosec Program
    Is it necessary to grant a full administrative privileges to a security administrator?
    How to lock down instant messaging in the enterprise
    Worst practices: Bad security incidents to avoid
    Creating and Managing Information Security Policies Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    defense in depth  (SearchSecurity.com)
    non-disclosure agreement  (SearchSecurity.com)
    security policy  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts