Is it possible to grant Read-Only Access to all Event Logs on Domain Controllers

active-directory windows-event-log eventviewer delegation
23,011

Solution 1

There is a built in group for just this purpose. Event Log Readers. Add users to the group that you want to have read access to the logs. You can definitely do this via GPO. You can modify the Default Domain Controllers Policy (or create one at the same level) if you want it to only apply to your DCs. You want to update the Event Log Readers group with the users you want to be able to read event logs on your DCs.

enter image description here

Solution 2

It's definitely feasible, depending on if you're running Server 2003 SP1 and newer or not. If so you can modify some registry settings that allow specific access to Event viewer as well as apply local GPO settings for users.

Microsoft has a Document Here out there showing the steps to take to do exactly what you want to do.

Share:
23,011
Andy Schneider
Author by

Andy Schneider

A Systems Engineer in the Greater Seattle Area. I am big fan of PowerShell. Follow me on Twitter, @andyschneider

Updated on September 18, 2022

Comments

  • Andy Schneider
    Andy Schneider almost 2 years

    I would like to grant Read-Access to event logs on all my domain controllers, ideally at a domain level using GPO. I would like members of a group to be able to view the Application Log, the System Log, and several logs in "Application and Services logs" such as "Directory Service" and "File Replication Service." What would be the best strategy of going about this?

    Please note that most of my Domain Controllers are 2008 R2

  • Split71
    Split71 over 12 years
    Look at the bottom of this article for trying the wevtutil.exe utility for ACL modifications within 2008 R2 blogs.msdn.com/b/ericfitz/archive/2006/03/01/541462.aspx This may or may not work for you, and I can't be 100% because i haven't had to do it within 2008 R2.
  • Andy Schneider
    Andy Schneider over 12 years
    I got this working by adding users to Event Log Readers which is in the in Builtin container in AD, not in Local users and groups. Not sure why it failed the first time.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Server Hanging - Server Event Viewer
Delegate software install/uninstall power to users/groups
Is it possible to enable logging of RDP connections / disconnections under Windows XP and Windows 7?
Account lockouts not in Event Viewer
Set up delegation trust for domain user
WinXP Event Viewer: Internet Explorer - how to log events?
How can I delegate "Attributes 1-15" in Exchange / AD?
Why is the user name "N/A" for most of the event log entries? How to get it filled in?
How to collect Security Event Logs for a single category via Powershell
Expired password Event ID in Window Server 2012