Members of this group are granted permissions to read the event logs on the local computer. This group is created when you promote a Windows Server system to the role of domain controller and it’s also present as a built-in group on all of the member servers in each domain of a forest. The first thing this motley assembly of IT pros thought up was to add the target user to the Event Log Readers group, which is one of the default security groups in Active Directory. And as usual these tips and solutions are presented to you “as is,” so be sure to try them out in your test environment before using them in a production environment. In this article I’ll briefly walk you through our discussion as we tried and ultimately found an easy way to implement this scenario. That posed an interesting challenge! After pondering this for a while, the admin reached out to several people including myself who then engaged with other colleagues to try and come up with a solution that could meet his needs. Recently, I was talking with an administrator of an organization that uses Active Directory and wanted to grant someone permission to read the Directory Service event log on a Windows Server 2012 domain controller but be able to do absolutely nothing else on the system. So it’s not surprising when Active Directory administrators feel they have to have total granular control over every class, object, and attribute in the directory.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |