
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > Can a security administrator be granted exclusive access to a Windows 2000 security log?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Can a security administrator be granted exclusive access to a Windows 2000 security log?

EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 28 September 2006
Is there a way to provide the security manager with exclusive and complete access to the security log of Windows 2000, but grant "read-only" access rights to the support staff?

BROWSE BY TAG

Identity Management and Access Control, Expert Archive: Identity Management and Access Control, Information Security Policies, Procedures and Guidelines, Information Security Management, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	Learn about enterprise strategy for server virtualization single sign-on
	Employee information security awareness training for new IAM systems
	Can you combine RFID tag technology with GPS to track stolen goods?
	Is there a free enterprise-caliber password-management tool?
	Cryptosystem attacks that do not involve obtaining the decryption key
	Can any firm or organization get a digital signature certificate?
	Should the CTO have domain administrator access?
	Does password sharing in international branches violate SOX?
	What are best practices for secure password distribution after a data breach?
	Is it possible to encrypt CDs and DVDs as well as SD cards?

Expert Archive: Identity Management and Access Control

Enterprise password management policy: Finding the balance

How to conduct a periodic user access review for account privileges

Options for a mechanical door security system on a server room door

Comparing access control mechanisms and identity management techniques

User provisioning and SSO for PeopleSoft- and Unix-based products

Could someone place a rootkit on an internal network through a router?

Should a new user have to confirm an email address to gain access?

Can home PCs provide a way for viruses and spyware to enter a corporate LAN?

What should an enterprise look for in a password token and a vendor?

Using batch files for temporary user access to the local admin group

Information Security Policies, Procedures and Guidelines

Twitter risks, Facebook threats trouble security pros

Cybersecurity czar candidate questions clout of new position

Incident response planning

The basics of enterprise GRC project management

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

DHS fills National Cybersecurity Center post

New partnerships, creative thinking help security bust recession

Experts optimistic of Obama cybersecurity plan

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

defense in depth (SearchSecurity.com)

non-disclosure agreement (SearchSecurity.com)

security policy (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Unfortunately, in Windows 2000, access to the security logs is all or nothing. Any user, including an administrator, that has the right to view the security log also has the right to modify, filter or delete entries within it.

The setting allowing log access is found in the Group Policy Objects (GPO) of the domain controller. It can also be set in the local security policy of individual workstations and servers. By default, only administrators have rights to manage auditing and security logs.

A possible workaround, though a bit complicated and restrictive to your staff, would be to create two groups: one for your security manager as an administrator and another group for your support staff as users for the Windows 2000 boxes. All the events in the logs have corresponding objects that can be accessed programmatically by Active Server Pages (ASP) or .NET. The status of these objects can be picked out by an ASP or .NET script and displayed on a Web site set up on your corporate Intranet, but can only be accessible to your support staff.

The problem with this approach is that the Web site would have to be set up either by your company's developers, or by someone else with serious programming or scripting experience. Your support staff, who wouldn't have admin accounts, would also have limited access to systems they might need to oversee.

More information:

Learn how to make your security log-reviewing efforts a success every time.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy