Announcement

Collapse
No announcement yet.

permission to read audit settings on DC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • permission to read audit settings on DC

    We have this app (bindview) that needs to read the audit settings off of the Domain controller policy.

    We can only get this to work if we add the service account to the Domain admins group.

    The way this app has been configured in our environment the folks that run this app login using the svcac all day long and we don't want to give them DomAdmn access.

    I was wondering if anyone here knows what kind of access we need to grant this account so that it can read the audit settings on DC's?

    Thanks,
    G

  • #2
    Re: permission to read audit settings on DC

    Best is referring this question the the Application Vendor, he would know the best what are the prerequisites for the Application.

    Comment


    • #3
      Re: permission to read audit settings on DC

      they got brought out by symantec and the tech support folks are saying it has to be either a member of the DomAdmn group or the administrators group in Ad. Both options are not something we want to give this svcac.

      Comment


      • #4
        Re: permission to read audit settings on DC

        Originally posted by glacieredlightning View Post
        they got brought out by symantec and the tech support folks are saying it has to be either a member of the DomAdmn group or the administrators group in Ad. Both options are not something we want to give this svcac.
        Typical from software developers Functionality then Security.
        Have you thought of disallowing the account to log on locally via GPO as follows Computer Configuration/windows settings/Security Settings/Local Policies/User Rights Assignments/Deny Logon Locally and apply it to the domain.
        It is far from ideal but it can minimise the risk.

        Ta
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: permission to read audit settings on DC

          hmmm, never thought of trying that but since they have admin tools installed on their app server they could still get out of control.

          Still worth thinking and trying.

          thanks,
          G

          Comment


          • #6
            Re: permission to read audit settings on DC

            Sir you might want to try this in the group policy.. Please see attached image.
            1. double click the highlighted policy
            2. Add the user.

            You can link the Policy to the member servers or or Domain wide.
            This is my work around because we pretty much have the same problem.
            Hope this helps..
            Attached Files
            Ronuel
            MCP
            There is only one way to find Out..Its to try it and/or Do it...

            Comment

            Working...
            X