
Process event log backup without domain administrator permissions

Last review: Jul 07, 2013
https://kb.netwrix.com/157

If your service account is not a member of the domain administrator group and you would like the product to process event log backups, perform the following steps:

  1. Add your service account to one of the following groups: Print Operators or Server Operators
  2. Specify Read permissions for the following registry node: HKLM\System\CurrentControlSet\Services\EventLog\Security on all Domain Controllers
  3. Share the folder with event log backups (default is C:\Windows\System32\winevt\Logs) on all Domain Controllers
  4. Specify read permissions for the event log backup folder (default is C:\Windows\System32\winevt\Logs) on all Domain Controllers

If you have too many Domain Controllers to configure individually, you can create a new group policy that applies these settings to all Domain Controllers.
To create the new group policy, perform the following steps:
 

  1. Run gpmc.msc
  2. Create a new policy object and link it to the Domain Controllers OU (right-click the Domain Controllers OU, select Link Existing GPO, then select the policy that you've just created)
  3. Edit the policy that you've just created.
  4. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Registry
  5. Right-click Registry, select Add Key, select the following key: HKLM\System\CurrentControlSet\Services\EventLog\Security, press OK
  6. Add the Netwrix service account, specify Read permissions
  7. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\File System
  8. Right-click File System, select Add File, select the following folder: C:\Windows\System32\winevt\Logs, press OK
  9. Add the Netwrix service account, specify Full control
  10. Navigate to Computer Configuration\Preferences\Windows Settings\Network Shares
  11. Right-click Network Shares, select New, then Network Share
  12. Select Update in the Action drop-down menu, specify the Share name (e.g. EventLogs), enter the following folder in the Folder Path area: C:\Windows\System32\winevt\Logs, press OK

After replication, all your domain controllers will have the EventLogs shared folder with event logs in it and the product will be able to process backups.
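
To confirm the result on a domain controller, the following check (an added example, not part of the original article or of Netwrix's tooling) reports whether the registry key, the log folder and the share match the steps above. The account name is a placeholder, and the share name EventLogs is the article's example value.

```powershell
# Added example. Run in an elevated PowerShell session on a domain controller
# (Get-SmbShare requires Windows Server 2012 or later).
# Assumptions: $Account is a placeholder name; EventLogs is the article's example share name.
param(
    [string]$Account   = 'EXAMPLE\svc-eventlog',
    [string]$ShareName = 'EventLogs',
    [string]$LogFolder = 'C:\Windows\System32\winevt\Logs',
    [string]$RegKey    = 'HKLM:\System\CurrentControlSet\Services\EventLog\Security'
)

function Get-DirectAllowAce {
    # Allow ACEs that name $Account directly. Rights that reach the account
    # only through group membership are not resolved here.
    param([string]$Path, [string]$Account)
    @((Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -ieq $Account
    })
}

$regAces  = Get-DirectAllowAce -Path $RegKey    -Account $Account
$fileAces = Get-DirectAllowAce -Path $LogFolder -Account $Account
$share    = Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue
$shareAcl = if ($share) { Get-SmbShareAccess -Name $ShareName } else { @() }

$regRead  = [System.Security.AccessControl.RegistryRights]::ReadKey
$fileRead = [System.Security.AccessControl.FileSystemRights]::Read

# One summary object per machine; pipe to Format-List or Export-Csv as needed.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    RegistryReadOk = [bool]($regAces  | Where-Object { $_.RegistryRights.HasFlag($regRead) })
    FolderReadOk   = [bool]($fileAces | Where-Object { $_.FileSystemRights.HasFlag($fileRead) })
    FolderRights   = ($fileAces | ForEach-Object { $_.FileSystemRights }) -join '; '
    ShareExists    = [bool]$share
    SharePathOk    = [bool]($share -and $share.Path -ieq $LogFolder)
    ShareAccess    = ($shareAcl | ForEach-Object { "$($_.AccountName)=$($_.AccessRight)" }) -join '; '
}
```

FolderRights lists the exact rights granted, so a folder set to Full control by the group policy procedure can be told apart from one set to Read by the manual procedure.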
