eventlog Security Group for Windows Event Logs

I had a bit of a hard time with this one, so hopefully I can save someone else the trouble of finding this information…

We have a security requirement to configure the ACLs for event logs so their access is restricted.  In Windows 7/Server 2008, a new virtual account, “eventlog” is required to have full access to the logs to ensure proper functionality.

Since we configure the ACLs using Group Policy, I needed to include this as part of a file permission set.  In order to do this you must search for “NT SERVICE\eventlog” on the local machine.  You will not be able to locate the account any other way.

I suspect that this can also be configured using SDDL in the new event log GP Admin Templates, but haven’t had a chance to play with that.  If anyone has any experience with this policy, please link a post to my site…


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: