AsherN Premium Member join:2010-08-23 Thornhill, ON
to drew
Re: Nitro monitoring of Active Directory (2008R2)
They may need access to the logs, but I should not have to compromise the very security they want to audit to give it to them.

drewRadiant Premium Member join:2002-07-10 Port Orchard, WA
2012-Mar-2 5:20 pm
Except telling them to go take a flying leap is (almost) never the correct solution.
It's your job as a SA to provide solutions to issues/requests.
As for this particular issue, there's ALREADY a solution if, for whatever reason, they're unable to pull the logs...
Script out (using PSH or VBS) the archival of the event logs to a share that is accessible by that log management utility. No special permissions required.

AsherN Premium Member join:2010-08-23 Thornhill, ON
2012-Mar-4 12:28 am
Except, I can understand the security group's resistance to the exported logs. No way of knowing if they have been tampered with.
The real solution is software that does not require Domain Admin.

drewRadiant Premium Member join:2002-07-10 Port Orchard, WA
2012-Mar-4 12:35 am
Write protected directory that only DA/EAs can write to, read-only for the service account the software will use. R/W to the service account used for dumping the logs.
That's no less secure than the current system.
In reality, it's probably an easily solved problem that won't require DA to run that log management software.
FWIW, I work in an extremely security conscious environment and even we allow log shipping in the fashion I've described.
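
The log-shipping arrangement described in this thread (scripted export to a share, write access limited to DA/EA and the dump account, read-only for the log tool's account), as an added PowerShell example that is not code from any poster. The folder path, the `CONTOSO` account names and the SHA-256 manifest are assumptions made for illustration, and the dump account is assumed to be able to read the logs it exports.

```powershell
# Added example. All paths and account names below are hypothetical placeholders.
$ArchiveRoot = 'D:\LogArchive'            # folder published as the share
$AdminGroup  = 'CONTOSO\Domain Admins'    # full control
$DumpAccount = 'CONTOSO\svc-logdump'      # runs this script, needs read/write
$ReadAccount = 'CONTOSO\svc-logreader'    # used by the log management tool, read-only
$Logs        = 'Security', 'System', 'Application'

# One-time setup, run by an administrator: add explicit ACEs first,
# then drop inherited ones so nothing else can write to the folder.
function Set-ArchiveAcl {
    if (-not (Test-Path $ArchiveRoot)) {
        New-Item -ItemType Directory -Path $ArchiveRoot | Out-Null
    }
    icacls $ArchiveRoot /grant "${AdminGroup}:(OI)(CI)F"   | Out-Null
    icacls $ArchiveRoot /grant "${DumpAccount}:(OI)(CI)M"  | Out-Null
    icacls $ArchiveRoot /grant "${ReadAccount}:(OI)(CI)RX" | Out-Null
    icacls $ArchiveRoot /inheritance:r                     | Out-Null
}

# Scheduled task body, run as the dump account: export each log to a
# timestamped .evtx file and record its SHA-256 in a manifest.
function Export-EventLogArchive {
    $stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
    $manifest = Join-Path $ArchiveRoot 'manifest.sha256'
    $sha      = [System.Security.Cryptography.SHA256]::Create()
    foreach ($log in $Logs) {
        $name = '{0}-{1}-{2}.evtx' -f $env:COMPUTERNAME, $log, $stamp
        $file = Join-Path $ArchiveRoot $name
        wevtutil epl $log $file
        if ($LASTEXITCODE -ne 0) {
            Write-Error "Export of $log failed with exit code $LASTEXITCODE"
            continue
        }
        $stream = [System.IO.File]::OpenRead($file)
        try {
            $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
        } finally {
            $stream.Close()
        }
        Add-Content -Path $manifest -Value "$hash  $name"
    }
}
```

The manifest only helps detect later changes to an archive if a copy of it is also kept somewhere the dump account cannot write.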