AsherN
Premium
join:2010-08-23
Thornhill, ON
reply to drew

Re: Nitro monitoring of Active Directory (2008R2)

They may need access to the logs, but I should not have to compromise the very security they want to audit to give it to them.



drew
Automatic
Premium
join:2002-07-10
Port Orchard, WA
kudos:6

Except telling them to go take a flying leap is (almost) never the correct solution.

It's your job as a SA to provide solutions to issues/requests.

As for this particular issue, there's ALREADY a solution if, for whatever reason, they're unable to pull the logs...

Script out (using PSH or VBS) the archival of the event logs to a share that is accessible by that log management utility. No special permissions required.
--
flickr | Of faith, power and glory


AsherN
Premium
join:2010-08-23
Thornhill, ON

Except, I can understand the security group's resistance to the exported logs. No way of knowing if they have been tampered with.

The real solution is software that does not require Domain Admin.



drew
Automatic
Premium
join:2002-07-10
Port Orchard, WA
kudos:6

Write protected directory that only DA/EAs can write to, read-only for the service account the software will use. R/W to the service account used for dumping the logs.

That's no less secure than the current system.

In reality, it's probably an easily solved problem that won't require DA to run that log management software.

FWIW, I work in an extremely security conscious environment and even we allow log shipping in the fashion I've described.
--
flickr | Of faith, power and glory
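
The log-shipping layout described in the posts above, sketched in PowerShell as an added example that is not part of the thread and not code from any poster. The folder path, the `EXAMPLE` domain and both service account names are placeholders, and the folder is assumed to be published as a share separately.

```powershell
# Added example. Every name below is a placeholder, not a value from the thread.
$ArchiveDir = 'D:\LogArchive'           # hypothetical folder behind the share
$DumpAcct   = 'EXAMPLE\svc-logdump'     # hypothetical account that exports the logs
$ReaderAcct = 'EXAMPLE\svc-logreader'   # hypothetical account the log tool runs as
$Logs       = 'Security', 'System', 'Application'

# Run once from an elevated session: drop inherited ACEs, then grant only
# the principals named in the post.
function Set-ArchiveAcl {
    if (-not (Test-Path $ArchiveDir)) {
        New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
    }
    & icacls $ArchiveDir /inheritance:r `
        /grant:r 'EXAMPLE\Domain Admins:(OI)(CI)F' `
        /grant:r 'EXAMPLE\Enterprise Admins:(OI)(CI)F' `
        /grant:r "${DumpAcct}:(OI)(CI)M" `
        /grant:r "${ReaderAcct}:(OI)(CI)RX"
    # M (Modify) covers the read/write the dump account needs; it also allows
    # delete. RX gives the log tool's account read-only access.
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

# Run on a schedule as the dump account, which must be able to read the
# event logs locally (for the Security log that is not granted by default).
function Export-EventLogs {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($log in $Logs) {
        $name = '{0}-{1}-{2}.evtx' -f $env:COMPUTERNAME, $log, $stamp
        $dest = Join-Path $ArchiveDir $name
        # wevtutil epl = export-log: writes the named log to an .evtx file.
        & wevtutil epl $log $dest
        if ($LASTEXITCODE -ne 0) {
            Write-Error "Export of $log failed with exit code $LASTEXITCODE"
        }
    }
}

# Typical use:
#   Set-ArchiveAcl      # once, as an administrator
#   Export-EventLogs    # from a scheduled task running as the dump account
```

`icacls $ArchiveDir` with no other arguments prints the resulting ACL, which is a quick way to confirm that the reader account holds only `RX`.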