1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Event View Question

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by craigie, Aug 12, 2008.

  1. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    I have configured the Domain as follows:

    Domain Shared Folder Called Files

    Auditing Enabled
    Everyone Group
    All Actions Success & Failures To Be Audited

    Domain Group Policy Object

    Security Settings > Event Logs > Retain All For 7 Days
    Security Settings > Account Policies > Audit Object Access For Success & Failure
    Security Settings > User Rights Assignments > Generate Security Audits Eveyone Group
    Security Settings > User Rights Assignments > Manage Auditing & Security Log Administrators Group

    I have then run a gpudate on the server and restarted my two XP workstations. I then try and delete some files in the \\Server1\Files and this gets denied, which should generate an audit log.

    I go to the Event Viewer (Local) on the Server (logged in as Administrator) and check the Security Logs, and nothing is there for the XP workstations only the Server. Which I figure is correct as its the Event Viewer (Local)

    So I try and connect to Another PC using Event Viewer and I recieve the Message 'Access Is Denied'

    I can connect using Computer Management to the XP workstation, when I go to access the Event Viewer, it states 'Access Is Denied'.

    Does anyone know which GPO I need to enable to view the Event Log on another PC? and also is this the correct way to view Event Logs on a Workstation?

    Thanks in advance for your help!
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  2. onoski

    onoski Terabyte Poster

    3,120
    51
    154
    This is clearly a permission issue, I'd look at the permissions carefully and alter as appropriate. I did have a similar issue at work once and it took me and another colleague a good few days to figure out the culprit after much hacking at it:)
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  3. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    That is exactly what I was thinking. I believe I have pretty much everything set up OK to record the Event Logs.

    Going to have a dig around later tonight and check the Administrator permissions to connect to a different PC on the network.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Couldn't wait until tonight, this is bugging me :)

    Just checked a few Permissions, which are as follows:

    Domain Group Policy Object

    Security Settings > User Rights Assignments > Access This Computer From The Network Administrators & Remote Desktop Users

    Going to have a look at Firewall Settings as well, as I'm wondering if this could be blocking the connection.

    Any other ideas would be appreciated :)
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. Gingerdave

    Gingerdave Megabyte Poster

    991
    44
    74
    as a work round try making your self a local administrator on the machine you want to audit. I had a case yesterday where my domain admin credentials weren't being recognised but if I created a local user with admin credentials it was accepted.
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  6. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Figured it out!

    You are unable to connect to other computers using the Built In Admin account. When I assigned another Admin account with the Enterprise Admin, Domain Admin permissions, voila it worked :)
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5

Share This Page

Loading...