none
Easy way to read security log RRS feed

  • Question

  • Can someone recommend a utility or way for a client to easy view the security log? Something that will allow them to view who accessed a file/folder or view by user what that user has been read/writing/deleting etc.

    Bob


    Bob Karon Computer Solutions www.INeedBob.com

    Monday, March 5, 2012 7:38 PM

Answers

  •  

    Hi Bob,

    First, you need to give normal domain users permission to read Event Logs.

    In Windows Server 2003, this is not an easy task. Please refer to:

    How to set event log security locally or by using Group Policy in Windows Server 2003

    http://support.microsoft.com/kb/323076/en-us

    In Windows Server 2008 and later, you can add users to the Built in Event Log Readers group. Please refer to:

    Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008

    http://blogs.technet.com/b/janelewis/archive/2010/04/30/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008.aspx

    Regarding utility to view the security log easily, please let us know more information about your requirement.

    Meanwhile, I’d like to introduce the Event Comb Tool which might be helpful for you. Eventcombmt.exe is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time. For more information, please check the following articles:

    List of features available in the Event Comb tool

    http://support.microsoft.com/kb/308471/en-us

    Hope this helps.

    Regards,

    Bruce

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Bruce-Liu Friday, March 9, 2012 5:40 AM
    Tuesday, March 6, 2012 8:14 AM

All replies

  •  

    Hi Bob,

    First, you need to give normal domain users permission to read Event Logs.

    In Windows Server 2003, this is not an easy task. Please refer to:

    How to set event log security locally or by using Group Policy in Windows Server 2003

    http://support.microsoft.com/kb/323076/en-us

    In Windows Server 2008 and later, you can add users to the Built in Event Log Readers group. Please refer to:

    Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008

    http://blogs.technet.com/b/janelewis/archive/2010/04/30/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008.aspx

    Regarding utility to view the security log easily, please let us know more information about your requirement.

    Meanwhile, I’d like to introduce the Event Comb Tool which might be helpful for you. Eventcombmt.exe is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time. For more information, please check the following articles:

    List of features available in the Event Comb tool

    http://support.microsoft.com/kb/308471/en-us

    Hope this helps.

    Regards,

    Bruce

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Bruce-Liu Friday, March 9, 2012 5:40 AM
    Tuesday, March 6, 2012 8:14 AM
  •  

    Just checking in to see if the above suggestion is helpful. If there is any update, please let us know.

     

    Have a great day!

    Regards,

    Bruce

    Thursday, March 8, 2012 2:24 AM
  • Bruce

    just stumbled upon this thread. Instead of making a new one I thought I'd rather ask in this existing one.

    I'm working with Windows 2008 Standard and Windows 2008 R2 servers currently. I created a domain user, added the user to event log readers group and also granted the user access to the security event log.

    In Windows 2008 R2 Server this user can read everything as expected. Cool.

    In Windows 2008 Standard, this user can also access all the logs, but don't get the message descriptions in the "General" tab for the security event log. Everything else (locales etc.) is configured exactly the same way. But I don't get the descriptions of the events with this user, allthough I can read the events themselves in the Security event log.

    Something different between 2008 Standard and 2008 R2?

    Monday, March 12, 2012 7:09 AM
  • Hi ]rag[,

    To avoid any confusion, I suggest you create a new thread to discuss it. Meanwhile, it’s better to provide a screenshot to show the issue so that we can get a better understanding.

    Regards,
    Bruce

    Monday, March 12, 2012 9:35 AM
  • Done that.
    Monday, March 12, 2012 12:08 PM