views:

1730

answers:

4

To debug some code, I would like to view the Windows event log of a remote machine (target is Windows2003). With mmc.exe I can add the event log for a remote machine, but only if I have sufficient permissions. For this remote machine, they do not want to give me permissions to log in remotely (or admin privileges for that matter). Is there a specific permission I can be given to view the event log and not much else?

A: 

If you could enable web access to the server then you could use an eventlog viewer page that I published a while ago. This would allow the administrators to run the website with just enough permissions to see the eventlog without granting you an account to login...

Dscoduc
+2  A: 

For the security log, users need the privilege "Manage auditing and security log"

For the system and applciation logs you should be able to read them as just a guest unless they have set the RestrictGuestAZccess value under the following registry keys: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application

Marcus Erickson
+1  A: 

One Option is to get a local ID that is on the remote local admin group.

Next, from your system, map to a drive on the remote server using the new remote local ID.

Create a new MMC from the Windows Run start menu - by typing in MMC /a

Add the EventView Snap-in

When it prompts you for local or remote server - put in the Host name of the server that you mapped to.

Tip: Windows uses established secure connection - if it can. Hence the map a drive trick work VERY well.

Please Note: I use this trick with WMI query(s) - hence the query never fails do to a timeout issue.

+1  A: 

Joshua Flanagan outlined a process to delegate rights through modifying the security descriptor of the event logs.

Colin Bowern

related questions