When the User Is a Normal Domain User, How to Provide the Read Permission on a DNS Log for a Particular DNS Server

Article
1/17/2024

Open Registry Editor

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD

b) Append to the original value above this string: (A;;0x1;;;SID)

For example, the original value of CustomSD for Application log is:

O:BAG:SYD:(A;;0x1;;;AU)(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)
the value you need to set in the item "Eventlog: Security descriptor for Application event log" should be like:
O:BAG:SYD:(A;;0x1;;;AU)(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x1;;;S-1-5-21-3211348086-2200026103-929403915-11722)

Instead of adding a user SID , add a group SID so next time you can add a user on that group for giving the same permission, I have tested that and that should be OK.

_____________________________________________________________________

Original URL: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/1dca0cee-2886-4749-8c09-8a6d56d02c0e/

Download the SID finder tool from the below link.

http://sites.google.com/site/bshwjt/objsid.zip

Share via

When the User Is a Normal Domain User, How to Provide the Read Permission on a DNS Log for a Particular DNS Server

Additional resources