Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
Successfully Create a User to Monitor Audit Logs
Results 1 to 2 of 2

Thread: Successfully Create a User to Monitor Audit Logs

  1. #1

    Successfully Create a User to Monitor Audit Logs

    I am trying to create an account for a user with limited access. However, I want them to be able to view, filter, and save the audit logs. I have granted them access to audit the machine in the Local Security Policy (this is a standalone machine, no Active Directory/group policies don't apply). However, when I check the Event Viewer with this account, all I get is the following error repeatedly:

    The description for Event ID (560) in Source (security) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer........ (abridged version)

    So, with this new limited account, I can actually open up the security audit log in event viewer, but I repeatedly get that error, and it doesn't list anything under the *EDIT* SOURCE COLUMN. I'm guessing that there is a permission that I must grant the user, but I'm not sure upon which file/directory to apply it. Does anyone have any ideas?

    Thanks!
    Last edited by herrmag; 02-26-2007 at 10:01 PM.

  2. #2
    I figured it out. Apparently the user must be part of the Backup Operators group. Then you grant the Backup Operators permission to "Manage auditing and security log" in the Local Security Policy.

    For some reason, adding the user in the local security policy did not give the user full functionality of the security audit logs, nor did making the user a Power User and adding the Power Users group in the Local Security Policy. The Backup Operators group must have specific permissions associated with them that no other group does, even the Power Users group. At least that's my guess, as I haven't yet done any detailed research on what specifically the Backup Operators group's permissions are.

Similar Threads

  1. create mail user without creating it on system
    By Amira in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 07-05-2011, 02:31 PM
  2. Monitor user history
    By svar in forum Linux - General Topics
    Replies: 3
    Last Post: 11-12-2010, 10:19 AM
  3. create linux user accounts over the internet
    By samanthi in forum Linux - Software, Applications & Programming
    Replies: 3
    Last Post: 05-27-2005, 04:50 PM
  4. Create and Configure User Accounts in Windows XP
    By regix in forum Windows - General Topics
    Replies: 0
    Last Post: 01-04-2005, 07:48 AM
  5. Red Hat Logs
    By Rukasboy in forum Linux - Software, Applications & Programming
    Replies: 2
    Last Post: 07-08-2002, 10:10 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •