Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. A domain user may be able to access security logs even though the user does not have the "Manage auditing and security log" user right in Windows Server 2003

A domain user may be able to access security logs even though the user does not have the "Manage auditing and security log" user right in Windows Server 2003

View products that this article applies to.

Symptoms

In a Windows Server 2003-Based domain, if a domain user is also a local administrator, the domain user may be able to access and view security logs. This behavior occurs even if the domain user does not have the Manage auditing and security log user right.

↑ Back to the top

Cause

This issue occurs because of behavior that occurs when a member of the local administrators group runs the Event Viewer Microsoft Management Console (MMC) snap-in. In Windows Server 2003, not all actions are performed under the context of the user who runs the process. Some actions that are performed by event viewer run under the context of the SYSTEM account. These actions that run under the context of the SYSTEM account cause the issue.

Note This behavior changes if you run Event Viewer by using a user account that is not a member of the local administrators group.

↑ Back to the top

Resolution

No resolution currently exists for this behavior.

↑ Back to the top

Keywords: KB951026, kbprb, kbtshoot, kbexpertiseinter

↑ Back to the top

Article Info
Article ID : 951026
Revision : 1
Created on : 4/8/2008
Published on : 4/8/2008
Exists online : False
Views : 202