AsherN
Premium Member
join:2010-08-23
Thornhill, ON

AsherN to drew

Re: Nitro monitoring of Active Directory (2008R2)

They may need access to the logs, but I should not have to compromise the very security they want to audit to give it to them.

drew
Radiant
Premium Member
join:2002-07-10
Port Orchard, WA

Except telling them to go take a flying leap is (almost) never the correct solution.

It's your job as a SA to provide solutions to issues/requests.

As for this particular issue, there's ALREADY a solution if, for whatever reason, they're unable to pull the logs...

Script out (using PSH or VBS) the archival of the event logs to a share that is accessible by that log management utility. No special permissions required.
AsherN
Premium Member
join:2010-08-23
Thornhill, ON

Except, I can understand the security group's resistance to the exported logs. No way of knowing if they have been tampered with.

The real solution is software that does not require Domain Admin.

drew
Radiant
Premium Member
join:2002-07-10
Port Orchard, WA

Write protected directory that only DA/EAs can write to, read-only for the service account the software will use. R/W to the service account used for dumping the logs.

That's no less secure than the current system.

In reality, it's probably an easily solved problem that won't require DA to run that log management software.

FWIW, I work in an extremely security conscious environment and even we allow log shipping in the fashion I've described.
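
The scripted archival to a share discussed in this thread, sketched as an added example (not code posted by anyone in the thread), with a SHA-256 manifest added to speak to the tampering concern. The share path, staging folder and manifest name are hypothetical, and it assumes the account running it can read the listed logs and write to the share; it sticks to PowerShell 2.0 features since that is what 2008 R2 ships with.

```powershell
# Added example: constructed paths and names, adjust for your environment.
$ArchiveShare = '\\fileserver\EventLogArchive'       # hypothetical share
$Staging      = Join-Path $env:TEMP 'evtx-staging'   # hypothetical local folder
$Manifest     = Join-Path $ArchiveShare 'manifest.csv'
$Logs         = 'Security', 'System', 'Application'
$Stamp        = Get-Date -Format 'yyyyMMdd-HHmmss'

# SHA-256 via .NET, because Get-FileHash does not exist in PowerShell 2.0
function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    } finally {
        $stream.Close()
    }
}

New-Item -ItemType Directory -Path $Staging -Force | Out-Null

foreach ($log in $Logs) {
    $name  = '{0}_{1}_{2}.evtx' -f $env:COMPUTERNAME, $log, $Stamp
    $local = Join-Path $Staging $name

    # "epl" is export-log: it writes a copy and leaves the live log untouched
    & wevtutil.exe epl $log $local
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $log failed with exit code $LASTEXITCODE"
        continue
    }

    # Hash the local export, copy it, then confirm the copy on the share matches
    $hash   = Get-Sha256Hex $local
    $remote = Join-Path $ArchiveShare $name
    Copy-Item -Path $local -Destination $remote
    if ((Get-Sha256Hex $remote) -ne $hash) {
        Write-Warning "Hash mismatch after copying $name"
        continue
    }

    # One manifest row per export: timestamp, file name, SHA-256
    $row = '{0},{1},{2}' -f (Get-Date -Format 'o'), $name, $hash
    Add-Content -Path $Manifest -Value $row
    Remove-Item -Path $local
}
```

The hashes only detect changes made after the export, and only if a copy of the manifest is kept somewhere the dumping account cannot write.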