A domain user may be able to access security logs even though the user does not have the "Manage auditing and security log" user right in Windows Server 2003

Article translations Article translations
Article ID: 951026 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

In a Windows Server 2003-Based domain, if a domain user is also a local administrator, the domain user may be able to access and view security logs. This behavior occurs even if the domain user does not have the Manage auditing and security log user right.

CAUSE

This issue occurs because of behavior that occurs when a member of the local administrators group runs the Event Viewer Microsoft Management Console (MMC) snap-in. In Windows Server 2003, not all actions are performed under the context of the user who runs the process. Some actions that are performed by event viewer run under the context of the SYSTEM account. These actions that run under the context of the SYSTEM account cause the issue.

Note This behavior changes if you run Event Viewer by using a user account that is not a member of the local administrators group.

RESOLUTION

No resolution currently exists for this behavior.

Properties

Article ID: 951026 - Last Review: April 8, 2008 - Revision: 1.0
APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Keywords: 
kbexpertiseinter kbtshoot kbprb KB951026

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com