Trey Stevens wrote:
>
> Is there a place in group policy in which you can define who can read the
> security logs? In our shop, we have domain controllers at sites in which the
> IT staffs are not domain admins but still need to be able to see the
> security logs to look for account lockouts.
>
Have you experimented with the "account lockout status" tool,
lockoutstatus.exe, found in the 2003 res kit?
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
>
> Is there a place in group policy in which you can define who can read the
> security logs? In our shop, we have domain controllers at sites in which the
> IT staffs are not domain admins but still need to be able to see the
> security logs to look for account lockouts.
>
Have you experimented with the "account lockout status" tool,
lockoutstatus.exe, found in the 2003 res kit?
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
[ reply ]