How to Grant Write Access to Windows Server 2012 R2 Application Event Log
I'm running Windows Server 2012 R2 and under that I'm running VMWare Workstation Pro. When Workstation is installed, the user Group `__vmware__` is created for VMWare Workstation users. I've added my host machine (i.e. Windows Server 2012 R2) user account (a member of Users, not a member of Administrators) to the `__vmware__` Group.

On the host I'd like to create event log entries in the Application event log while running as my user account related to the state of the virtual machines running under VMWare.

From a command window on the host, I type `whoami /all` and get the following:
```
USER INFORMATION
----------------

User Name SID
========= ==============================================
mte\mike  S-1-5-21-1052476717-3500785571-2838594007-1118

GROUP INFORMATION
-----------------

Group Name                                 Type             SID                                            Attributes
========================================== ================ ============================================== ===============================================================
Everyone                                   Well-known group S-1-1-0                                        Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                              Alias            S-1-5-32-545                                   Mandatory group, Enabled by default, Enabled group
BUILTIN\Certificate Service DCOM Access    Alias            S-1-5-32-574                                   Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias            S-1-5-32-554                                   Group used for deny only
NT AUTHORITY\INTERACTIVE                   Well-known group S-1-5-4                                        Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                              Well-known group S-1-2-1                                        Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users           Well-known group S-1-5-11                                       Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization             Well-known group S-1-5-15                                       Mandatory group, Enabled by default, Enabled group
LOCAL                                      Well-known group S-1-2-0                                        Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1                                       Mandatory group, Enabled by default, Enabled group
MTE\__vmware__                             Alias            S-1-5-21-1052476717-3500785571-2838594007-1131 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\Medium Mandatory Level     Label            S-1-16-8192

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                    State
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled

USER CLAIMS INFORMATION
-----------------------

User claims unknown.

Kerberos support for Dynamic Access Control on this device has been disabled.
```
Note that my user account is a member of `__vmware__` and the SID is `S-1-5-21-1052476717-3500785571-2838594007-1131`.
From an Administrator account, I edit the following registry key:

```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
```

And modify the `CustomSD` entry as follows:

```
O:BAG:SYD:(A;;0x3;;;S-1-5-21-1052476717-3500785571-2838594007-1131)(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
```
Here you can see that the `__vmware__` Group has been granted Read and Write access to the Application event log.

Yet, when I attempt to create a log entry:

```
eventcreate /SO TestEventMsg /Id 1 /D "This is a test message" /T INFORMATION /L Application
```

I get an Access denied error.

What am I not doing correctly?
UPDATE 2016-12-03

I tried user2304170's suggestion and this is what I got:

```
PS C:\Users\Netadmin\Documents> ./GrantEventLogAccess.ps1 -Account '__vmware__' -LogName Application
Failed to save configuration or activate log Application. Access is denied.
name: Application
enabled: true
type: Admin
owningPublisher:
isolation: Application
channelAccess: O:BAG:SYD:(A;;0x3;;;S-1-5-21-1052476717-3500785571-2838594007-1131)(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
logging:
  logFileName: %SystemRoot%\System32\Winevt\Logs\Application.evtx
  retention: false
  autoBackup: false
  maxSize: 20971520
publishing:
  fileMax: 1
PS C:\Users\Netadmin\Documents>
```
permissions windows-server-2012-r2 event-log
asked Mar 14 '16 at 19:44 by mbmast; edited Dec 3 '16 at 20:38 by mbmast
Did you run user2304170's suggestion in an admin PowerShell window? – cjb110 Jul 20 '18 at 12:49

Sorry, I can't recall and I've given up using Windows Server as a VM host. – mbmast Jul 20 '18 at 18:52
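
The `channelAccess` / `CustomSD` string from the question, decoded ACE by ACE and evaluated against the SIDs in the question's `whoami` output, as an added example that is not part of the original posts. It relies on the event-log access bits 0x1 = read, 0x2 = write, 0x4 = clear; the function names `Get-ChannelAce` and `Get-EffectiveChannelAccess` are hypothetical, and the SDDL and SID values are copied from the question.

```powershell
# Added example (not from the original thread). Requires Windows; uses the
# .NET RawSecurityDescriptor class to parse SDDL. Works on PowerShell 3.0+.

# Event-log specific access bits
$EventLogRights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }

function Get-ChannelAce {
    # Parse an SDDL string and emit one object per DACL entry.
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $names = $EventLogRights.Keys | Where-Object { $ace.AccessMask -band $EventLogRights[$_] }
        [pscustomobject]@{
            Type       = $ace.AceType                   # AccessAllowed / AccessDenied
            Sid        = $ace.SecurityIdentifier.Value  # aliases such as IU, SY are resolved
            AccessMask = $ace.AccessMask
            MaskHex    = '0x{0:x}' -f $ace.AccessMask
            Rights     = $names -join ','
        }
    }
}

function Get-EffectiveChannelAccess {
    # Simplified DACL walk: ACEs are processed in order, a deny ACE blocks only
    # bits not already granted. Integrity labels and owner rights are ignored.
    param(
        [Parameter(Mandatory)][string]$Sddl,
        [Parameter(Mandatory)][string[]]$EnabledSids,
        [string[]]$DenyOnlySids = @()
    )
    $granted = 0
    $denied  = 0
    $matched = @()
    foreach ($ace in Get-ChannelAce -Sddl $Sddl) {
        $isEnabled  = $EnabledSids  -contains $ace.Sid
        $isDenyOnly = $DenyOnlySids -contains $ace.Sid
        if ($ace.Type -eq 'AccessDenied' -and ($isEnabled -or $isDenyOnly)) {
            $denied = $denied -bor ($ace.AccessMask -band (-bnot $granted))
            $matched += $ace
        }
        elseif ($ace.Type -eq 'AccessAllowed' -and $isEnabled) {
            $granted = $granted -bor ($ace.AccessMask -band (-bnot $denied))
            $matched += $ace
        }
    }
    [pscustomobject]@{
        GrantedHex   = '0x{0:x}' -f $granted
        Rights       = ($EventLogRights.Keys | Where-Object { $granted -band $EventLogRights[$_] }) -join ','
        MatchingAces = $matched
    }
}

# Inputs copied from the question
$sddl = 'O:BAG:SYD:(A;;0x3;;;S-1-5-21-1052476717-3500785571-2838594007-1131)(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)'

$enabledSids = @(
    'S-1-5-21-1052476717-3500785571-2838594007-1118',  # the user account
    'S-1-1-0', 'S-1-5-32-545', 'S-1-5-32-574', 'S-1-5-4', 'S-1-2-1',
    'S-1-5-11', 'S-1-5-15', 'S-1-2-0', 'S-1-18-1',
    'S-1-5-21-1052476717-3500785571-2838594007-1131'   # __vmware__
)
$denyOnlySids = @('S-1-5-32-554')  # "Group used for deny only" in whoami

Get-ChannelAce -Sddl $sddl | Format-Table Type, Sid, MaskHex, Rights -AutoSize

$result = Get-EffectiveChannelAccess -Sddl $sddl -EnabledSids $enabledSids -DenyOnlySids $denyOnlySids
$result | Format-List GrantedHex, Rights
$result.MatchingAces | Format-Table Type, Sid, MaskHex, Rights -AutoSize
```

With the question's values, two allow ACEs match the token: the `__vmware__` SID and `IU` (interactive logon, S-1-5-4), each carrying mask 0x3.
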
2 Answers
Puzzling stuff together on the internet I've created this little script for it:

```
#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Add write permissions to the Windows Event Log for a specific AD object.
.DESCRIPTION
    Add write permissions to the Windows Event Log for a specific AD object.
.PARAMETER Account
    Active directory object that needs write permissions.
.PARAMETER LogName
    Name of the log where we grant permissions
.EXAMPLE
    ./script.ps1 -Account 'Domain users' -LogName Application
.NOTES
    CHANGELOG
    2016/09/12 Script born
#>
[CmdletBinding()]   # enables -Verbose so the Write-Verbose messages can be shown
Param (
    [String]$Account = 'Bob',
    [String]$LogName = 'Application'
)

Write-Verbose "Retrieving SID for account '$Account'"
$AdObj = New-Object System.Security.Principal.NTAccount($Account)
$SID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
Write-Verbose "Found SID for account $($SID.Value)"

# Find the channelAccess line by name rather than by a fixed line index
$w = wevtutil gl $LogName
$channelAccess = $w | Where-Object { $_ -match '^\s*channelAccess:' } | Select-Object -First 1

if ($channelAccess) {
    $str = ($channelAccess -replace '^\s*channelAccess:\s*', '').Trim()
    if ($str.Contains($SID.Value) -eq $false) {
        # 0x3 = read (0x1) + write (0x2)
        $newstr = $str + "(A;;0x3;;;" + $SID.Value + ")"
        Write-Verbose "Adding '$newstr'"
        # Changing the channel ACL needs an elevated session
        wevtutil sl $LogName /ca:$newstr
        Write-Verbose "Update complete new value is"
        wevtutil gl $LogName
    }
    else {
        Write-Verbose "Update not needed"
    }
}
```
answered Sep 12 '16 at 12:42 by user2304170
Thanks. I'll give this a try in a couple of weeks. Out of the country at the moment. – mbmast Sep 12 '16 at 12:49

See my update. I tried your suggestion. – mbmast Dec 3 '16 at 20:39
I haven't tested this in full but if you go to this registry key:

```
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog
```

You can right-click on the Eventlog folder and give permissions to the user you want to allow access or you can choose the Event log.
answered Nov 17 '16 at 0:38 by user664741; edited Nov 17 '16 at 1:09 by 3498DB
This did not work. – mbmast Dec 3 '16 at 23:01