Adding Network Services to local Event Log Readers via Group Policy


  • Hi 

    We have a group policy which is used to send Windows events to an event collector server.

    It has Restricted Groups configured as below:

    Group = BUILTIN\Event Log Readers

    Members = NT Authority\NETWORK SERVICE

    Members = 

    We know that this policy overrides any previous entry, e.g. say we add user AA to the "local Event Log Readers" group: when this policy gets applied, everything gets cleared and only Network Service is added.

    Now we are wondering if anyone was able to apply Network Service to the local Event Log Readers group without being so disruptive. We prefer to keep this at the group policy level, so we will appreciate your help.

    We tried a few things with no result; because NT Service is not really an account at the domain level, it's a bit hard.

    Thank you 

    Friday, June 26, 2015 6:12 AM


  • > Group = BUILTIN\Event Log Readers
    > Members = NT Authority\NETWORK SERVICE
    Either use MemberOf instead of Members (which would require an
    "intermediate" group and will not work for the network service, because
    Network service is a local account and can only be member of local
    groups, and you cannot nest local groups), or switch from RG to GPP LUG
    (Group Policy Preferences "Local Users and Groups").

    Greetings/Grüße, Martin

    Want to read a good book about GPOs?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Monday, June 29, 2015 7:47 AM
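
The two approaches from the answer above, as an added example that is not part of the original thread: a small audit that reads a Restricted Groups entry (GptTmpl.inf) and a GPP "Local Users and Groups" item (Groups.xml) and reports which one replaces existing membership. Both policy samples are constructed for illustration and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Restricted Groups as stored in a GPO's GptTmpl.inf.
# S-1-5-32-573 = BUILTIN\Event Log Readers, S-1-5-20 = NT AUTHORITY\NETWORK SERVICE.
RESTRICTED_GROUPS_INF = """[Group Membership]
*S-1-5-32-573__Memberof =
*S-1-5-32-573__Members = *S-1-5-20
"""

# Constructed sample of a GPP "Local Users and Groups" item (Groups.xml), action Update.
GPP_GROUPS_XML = r"""<Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}">
  <Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Event Log Readers (built-in)">
    <Properties action="U" deleteAllUsers="0" deleteAllGroups="0" removeAccounts="0"
                groupSid="S-1-5-32-573" groupName="Event Log Readers (built-in)">
      <Members>
        <Member name="NT AUTHORITY\NETWORK SERVICE" action="ADD" sid="S-1-5-20"/>
      </Members>
    </Properties>
  </Group>
</Groups>"""

def restricted_groups_replacing_members(inf_text):
    """Group SIDs with a populated Members list (the case described in the thread)."""
    sids, in_section = [], False
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # A populated Members list is authoritative: unlisted members are removed.
            if key.lower().endswith("__members") and value:
                sids.append(key[: -len("__members")].lstrip("*"))
    return sids

def gpp_group_items(xml_text):
    """(groupSid, wipes_existing_members, SIDs added) for each GPP group item."""
    items = []
    for group in ET.fromstring(xml_text).iter("Group"):
        props = group.find("Properties")
        wipes = (props.get("action") in ("R", "D")        # Replace / Delete
                 or props.get("deleteAllUsers") == "1"    # "Delete all member users"
                 or props.get("deleteAllGroups") == "1")  # "Delete all member groups"
        added = [m.get("sid") for m in props.iter("Member") if m.get("action") == "ADD"]
        items.append((props.get("groupSid"), wipes, added))
    return items

if __name__ == "__main__":
    print(restricted_groups_replacing_members(RESTRICTED_GROUPS_INF))
    print(gpp_group_items(GPP_GROUPS_XML))
```

With the GPP item set to Update and both "delete all" options off, NETWORK SERVICE is added and members such as user AA are left in place.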