[logs] Remote log access

[David Corlette]

Hi,

You actually don't need admin rights; there's a special group "Distributed COM Users", and some other WMI access permissions that you need, but you can get this done with less permissions.  It's a total pain to set up, however, as Windows seems to hide permissions to each little COM module, WMI namespace, and so on in fifteen different utilities.  But it does work.

Or at least, our Sentinel product can do this, I don't know about the SIM solution you are using.
-- 

David Corlette
Sr. Technical Consultant
DCorlette at novell.com 
703-663-5517
 ( http://www.novell.com/solutions/open.html )


>>> On 6/28/2007 at 1:30 AM, in message
<74fb60700706272230y95f2978rdec5d74e22107cb8 at mail.gmail.com>, "saudi sans"
<saudisans at gmail.com> wrote:
> We are using a SIM solution which has an agent which picks up windows
> logs remotely.
> 
> On this agent we have to give a user-id/password of the target server
> from where windows event logs have to be picked up. This
> user-id/password needs admin rights on target server. The agent also
> needs remote registry access on target server. It works well.
> 
> But I am not comfortable giving admin rights and remote registry
> access just for pulling event logs.
> 
>>From microsoft experts on this list - what minimum permissions are to
> be provided on a target windows machine for a remote software to
> access its event logs?
> 
> I am aware of solutions which push out the logs from the windows to
> the agent , but i am specifically interested in the pull model with
> just-the-minimum privileges.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org 
> http://www.loganalysis.org/mailman/listinfo/loganalysis