How Do I Provide Access to Security Logs on a Domain Controller?
In this section we will learn how to grant explicit read-only access to the Security log on a specific machine for a specific domain ID.
Step 1: Log in to the domain controller or machine on which the access needs to be granted.
Step 2: Open Registry Editor: click Start → Run, type “regedit” in the Run box, and press Enter.
Step 3: After Registry Editor opens, navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\CustomSD” (CustomSD is a value under the Security key).
Step 4: Find the SID of the user ID (the one that will be granted access) using the PsGetSid tool.
Step 5: Replace the existing CustomSD value so that it includes the ACE (A;;0xf0003;;;<User ID SID>). The new value is:
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0xf0003;;;<User ID SID>)
The best practice, however, is to use a group SID and add the user to that group.
Step 6: Exit “registry editor”
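Steps 4 and 5 as an added PowerShell example (not part of the original article): it builds the new CustomSD string, rejects malformed SDDL before anything is written, and lists the rights each ACE grants. The SID is a constructed sample, and the names Add-LogReaderAce, Get-AceSummary and DOMAIN\LogReaders are hypothetical.

```powershell
# Added example, not the article's own code. Function names are hypothetical.
# Event-log-specific access bits: 0x1 read, 0x2 write, 0x4 clear.
# 0x10000-0x80000 are the standard DELETE/READ_CONTROL/WRITE_DAC/WRITE_OWNER rights.
$Rights = [ordered]@{
    0x00001 = 'ReadLog';   0x00002 = 'WriteLog';     0x00004 = 'ClearLog'
    0x10000 = 'DELETE';    0x20000 = 'READ_CONTROL'
    0x40000 = 'WRITE_DAC'; 0x80000 = 'WRITE_OWNER'
}

function Add-LogReaderAce {
    param([string]$Sddl, [string]$Sid, [string]$Mask = '0xf0003')
    # Throws if the SID string is not well formed.
    $null = New-Object System.Security.Principal.SecurityIdentifier $Sid
    # Each ACE must be wrapped in parentheses.
    $new = '{0}(A;;{1};;;{2})' -f $Sddl, $Mask, $Sid
    # Parsing throws on malformed SDDL, so a bad string never reaches the registry.
    $null = New-Object System.Security.AccessControl.RawSecurityDescriptor $new
    return $new
}

function Get-AceSummary {
    param([string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Collect the name of every right whose bit is set in this ACE's mask.
        $names = $Rights.GetEnumerator() |
            Where-Object { $ace.AccessMask -band $_.Key } |
            ForEach-Object { $_.Value }
        [pscustomobject]@{
            Type   = $ace.AceQualifier
            Sid    = $ace.SecurityIdentifier.Value
            Mask   = '0x{0:x}' -f $ace.AccessMask
            Rights = $names -join ','
        }
    }
}

# Constructed sample SID. On a real system, resolve the group from Step 4, e.g.:
# $sid = (New-Object System.Security.Principal.NTAccount 'DOMAIN\LogReaders').Translate(
#            [System.Security.Principal.SecurityIdentifier]).Value
$sid     = 'S-1-5-21-1111111111-2222222222-3333333333-1234'
$current = 'O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)'

$new = Add-LogReaderAce -Sddl $current -Sid $sid
Get-AceSummary $new | Format-Table -AutoSize

# To apply on the target machine, after exporting the key as a backup:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security' -Name CustomSD -Value $new
```

For the mask used in Step 5, the last row lists ReadLog and WriteLog plus DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER; calling Add-LogReaderAce with -Mask 0x1 produces an ACE that carries only the read bit.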
Richard Mueller edited Revision 10. Comment: Changed tags "Windows 2003" and "Windows 2003 R2" to "Windows Server ..."
Ed Price - MSFT edited Revision 1. Comment: Various edits per guidelines.