access to event logs


  • access to event logs


    I would like to allow some developers access to event logs on some of our servers. I have found the following article (;en-us;323076) and followed the configure event log security locally.

    It tells me to add the string that is required but the article does not seem to clearly say what string to add.

    I would just like to be able to allow authenticated users to access the event logs.

    Any help much appreciated.


  • #2
    Re: access to event logs

    It's pretty hard to say anything good about SDDL. If you want to define a custom access control entry for an event log, you'll need to define the whole ACL in SDDL.

    The kb article you linked has the default SDDL string for the Application Log.

    O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x5;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x2;;;BA)(A;;0x2;;;LS)(A;;0x2;;;NS)

    The access control entries are represented by the groups in parentheses. To grant Authenticated Users read access to what already exists, you would want to add (A;;0x1;;;AU) to the end of the string.

    A = Allow
    0x1 = Read
    AU = Authenticated Users

    This blog post may be helpful in better understanding SDDL.
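
An added example, not part of the original posts: a small Python parser for the event-log SDDL string quoted above that reports which event-log rights a trustee's entries add up to and appends the (A;;0x1;;;AU) entry only when it is missing. The function names are hypothetical, and the 0x2 (write) and 0x4 (clear) bit names are not from the thread; they are the other two event-log access rights.

```python
import re

# Event-log bits of the ACE access mask. 0x1 = read is from the post above;
# 0x2 = write and 0x4 = clear are the other two event-log rights.
EVENTLOG_RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}

# Default Application log descriptor as quoted in the thread.
DEFAULT_APP_LOG = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
                   "(A;;0xf0007;;;SY)(A;;0x5;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)"
                   "(A;;0x2;;;BA)(A;;0x2;;;LS)(A;;0x2;;;NS)")

SDDL_RE = re.compile(r"O:(?P<owner>[^:()]+?)G:(?P<group>[^:()]+?)"
                     r"D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^()]*\))+)")

def parse_sddl(sddl):
    """Return (owner, group, aces); each ACE is (type, mask, trustee)."""
    m = SDDL_RE.fullmatch(sddl.strip())
    if m is None:
        raise ValueError("expected O:..G:..D:(ace)(ace)...")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m["aces"]):
        # ACE fields: type;flags;rights;object;inherited object;trustee
        f = [part.strip() for part in body.split(";")]
        if len(f) < 6 or f[0] not in ("A", "D") or not f[2].lower().startswith("0x"):
            raise ValueError(f"unsupported ACE: ({body})")
        aces.append((f[0], int(f[2], 16), f[5]))
    return m["owner"], m["group"], aces

def rights_for(sddl, trustee):
    """Event-log rights the ACEs naming this one trustee add up to.
    Not a full access check: a real token carries many SIDs at once."""
    allow = deny = 0
    for kind, mask, who in parse_sddl(sddl)[2]:
        if who == trustee and kind == "A":
            allow |= mask
        elif who == trustee:
            deny |= mask
    return {name for bit, name in EVENTLOG_RIGHTS.items() if allow & ~deny & bit}

def grant(sddl, trustee, mask):
    """Append an allow ACE unless the trustee already holds every bit in mask.
    Appending keeps the existing deny ACEs ahead of the new allow entry."""
    held = 0
    for kind, m, who in parse_sddl(sddl)[2]:
        if kind == "A" and who == trustee:
            held |= m
    if held & mask == mask:
        return sddl
    return f"{sddl.strip()}(A;;{mask:#x};;;{trustee})"
```

Calling `grant(DEFAULT_APP_LOG, "AU", 0x1)` returns the string to store; `rights_for` on the result shows AU holding read only, while BA's two entries (0x5 and 0x2) combine to read, write and clear.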


    • #3
      Re: access to event logs

      Thanks Scott. Perfect answer. Worked great.

      Thanks for your help