Sunday, April 17, 2011

Event log permissions in Server 2008

Configuring the permissions for an event log in Server 2003 and earlier required editing the SDDL string stored in this registry value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD

To get the SDDL in Server 2008, use the following PowerShell:
$currentSddl = ([xml](wevtutil.exe gl $logName /f:xml)).channel.channelAccess

And to write it back:
wevtutil sl $logName /ca:$newSddl
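
As an added example (not part of the original post), the two commands above can be combined into a read-modify-write that grants a single account read-only access to a log. The log name, the account `CONTOSO\svc-logreader` and the backup file location are assumptions; the access mask 0x1 is the event log read right (0x2 is write, 0x4 is clear).

```powershell
# Added example: log name and account are assumptions; run from an elevated prompt.
$logName  = 'Application'
$account  = 'CONTOSO\svc-logreader'   # hypothetical account
$readMask = 0x1                       # event log read; 0x2 = write, 0x4 = clear

# Read the channel's current SDDL, as in the post.
$currentSddl = ([xml](wevtutil.exe gl $logName /f:xml)).channel.channelAccess
if ([string]::IsNullOrEmpty($currentSddl)) {
    throw "No channelAccess SDDL returned for log '$logName'."
}

# Save the original so it can be restored with: wevtutil sl <log> /ca:<saved SDDL>
$backupFile = Join-Path $env:TEMP (($logName -replace '[\\/]', '_') + '.sddl.bak')
Set-Content -Path $backupFile -Value $currentSddl

# Parse instead of concatenating strings, so malformed SDDL is rejected here.
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($currentSddl)
if ($null -eq $sd.DiscretionaryAcl) { throw "SDDL for '$logName' has no DACL." }
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Do nothing if an allow ACE for this SID already includes read.
$existing = $sd.DiscretionaryAcl | Where-Object {
    $_ -is [System.Security.AccessControl.CommonAce] -and
    $_.AceQualifier -eq 'AccessAllowed' -and
    $_.SecurityIdentifier.Value -eq $sid.Value -and
    ($_.AccessMask -band $readMask) -eq $readMask
}

if (-not $existing) {
    $ace = New-Object System.Security.AccessControl.CommonAce(
        [System.Security.AccessControl.AceFlags]::None,
        [System.Security.AccessControl.AceQualifier]::AccessAllowed,
        $readMask, $sid, $false, $null)
    # Appending at the end keeps any deny ACEs ahead of this allow ACE.
    $sd.DiscretionaryAcl.InsertAce($sd.DiscretionaryAcl.Count, $ace)
    $newSddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)

    # Write it back, as in the post.
    wevtutil.exe sl $logName "/ca:$newSddl"
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil sl failed; original SDDL saved in $backupFile"
    }
}
```

Granting only 0x1 keeps the account from writing to or clearing the log, and the saved file holds the previous SDDL if the change needs to be reverted.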
