Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Set ACL on Application and Security logs

from [Kern, Tom] Network Security [Permanent Link]
Subject: RE: Set ACL on Application and Security logs
Date: Mon, 16 May 2005 16:28:55 -0400 
The name is misleading but thats what it applies to If you set the 
"RestrictGuestAccess" to "1", it will only allow members of the local 
administrators group to read the log you specified in  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ <log name>. 
Where <log name> is application or system.

Also you can configure it in a GPO in Computer Configuration\Windows 
Settings\Security Settings\Event Log.



-----Original Message-----
From: Z E [mailto:z.emailaccount@gmail.com]
Sent: Monday, May 16, 2005 12:06 PM
To: Kern, Tom
Cc: focus-ms@securityfocus.com
Subject: Re: Set ACL on Application and Security logs


My apologies for neglecting to mention that I'm using W2k Pro. 


You can do it in win2k its fairly easy with a gpo or manually adding

a value to this reg key-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\"name of
eventlog" and create a dword value of 1.

I found the "RestrictGuestAccess" DWORD value - but that doesn't help
since I am dealing with authenticated domain users. Is there another
one?

---------------------------------------------------------------------------
---------------------------------------------------------------------------


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Set ACL on Application and Security logs, Kern, Tom
Next by Date:  SecurityFocus Microsoft Newsletter #241, Marc Fossi
Previous by Thread:  Re: Set ACL on Application and Security logs, Z E
Next by Thread:  RE: Set ACL on Application and Security logs, David LeBlanc
Indexes:  [Date] [Thread] [Top] [All Lists]