How to Provide Access to Security Logs in Domain Controller


Introduction

This article explains how to grant a specific domain user ID explicit read-only access to the Security log on a specific machine.

Method

Step 1: Log in to the Domain Controller or machine on which the access needs to be granted.

Step 2: Open Registry Editor: click Start → Run, type “regedit” in the Run box, and press Enter.

Step 3: After Registry Editor opens, navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security” and select the CustomSD value.

Step 4: Find the SID of the user ID that will be granted access, using the PsGetSid tool.

Step 5: Replace the existing CustomSD value with one that has the following ACE appended: (A;;0xf0003;;;<User ID SID>)

The new value is:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0xf0003;;;<User ID SID>)

The best practice, however, is to use a group SID and add the user to that group.

Step 6: Exit Registry Editor.
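
The following PowerShell script is an added example, not part of the original article: it builds the new CustomSD string with the ACE in parentheses, validates it as SDDL, and decodes which event log rights the new ACE grants. It assumes PowerShell 3.0 or later, the event log access bits 0x1 (read), 0x2 (write) and 0x4 (clear), and a constructed placeholder SID; the function names are hypothetical.

```powershell
# Added example, not from the original article.
# Event log access bits (low bits of the ACE mask): read, write, clear.
$LogRights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }

function Add-EventLogAce {
    param(
        [Parameter(Mandatory)][string]$Sddl,  # current CustomSD value
        [Parameter(Mandatory)][string]$Sid,   # group (preferred) or user SID
        [int]$Mask = 0x1                      # assumption: 0x1 = read only
    )
    # Throws if $Sid is not a well-formed SID string.
    $null = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $candidate = '{0}(A;;0x{1:x};;;{2})' -f $Sddl, $Mask, $Sid
    # Throws if the result is not valid SDDL (for example an ACE without parentheses).
    $null = New-Object System.Security.AccessControl.RawSecurityDescriptor $candidate
    $candidate
}

function Get-EventLogAceReport {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        $bits = $ace.AccessMask
        [pscustomobject]@{
            Type    = $ace.AceType
            Trustee = $ace.SecurityIdentifier.Value
            Mask    = '0x{0:x}' -f $bits
            LogUse  = @($LogRights.Keys | Where-Object { $bits -band $LogRights[$_] }) -join ','
        }
    }
}

# Base value from the article (before the ACE is appended); the SID is a constructed placeholder.
$current  = 'O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)'
$groupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1601'

# Compare the article's mask (0xf0003) with a read-only mask (0x1).
foreach ($m in 0xf0003, 0x1) {
    $updated = Add-EventLogAce -Sddl $current -Sid $groupSid -Mask $m
    $updated
    Get-EventLogAceReport -Sddl $updated |
        Where-Object Trustee -eq $groupSid | Format-Table -AutoSize
}
```

The LogUse column shows the event log rights carried by each mask, so the string can be checked against the intended access before it is pasted into CustomSD in Step 5.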

 

 

 

Comments
  • Richard Mueller edited Revision 10. Comment: Changed tags "Windows 2003" and "Windows 2003 R2" to "Windows Server ..."

  • Ed Price - MSFT edited Revision 1. Comment: Various edits per guidelines.
