access to "manage auditing and security log"

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

I have many PCs running Win XP that connect to an AD domain with W2K3
servers. Most run the Microsoft updates just fine, but one PC was telling me
that I didn't have permission to install updates. This occurred under either
local or domain admin accounts. I looked in "local security settings" and
determined that the only permissions to "manage auditing and security log"
were for a group called "domain\Exchange Enterprise Servers." I was not
allowed to add or change this setting. I worked around the problem by adding
the domain admins to the "exchange enterprise servers" group in my domain.
Now I can run the updates just fine on this PC. However, I'd really like to
get the administrators group to have "manage auditing and security log"
permissions. I'm worried that if I ever remove this computer from the
domain, no one will be able to install updates.

Any suggestions?
 
Guest

> I have many PCs running Win XP that connect to an AD domain with W2K3
> servers.

To facilitate updating workstations:

Windows Server Update Services Product Overview
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/overview.mspx

> but one PC was telling me that I didn't have permission to install updates.

Did the PC in question successfully update in the past? If so, have you
scanned for malware? Some malware variants will reset permissions or
damage system files resulting in a failure to install updates/patches.

Start, Run, type
regsvr32 initpki.dll
Enter

If that doesn't resolve the issue, check the WindowsUpdate.log for an
error code associated with the failed update installation. Then go to
the Windows Update (v6) Troubleshooter for a suggested resolution for
that specific error.

MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============


Dave Cattapan wrote:

> I have many PCs running Win XP that connect to an AD domain with W2K3
> servers. Most run the Microsoft updates just fine, but one PC was telling me
> that I didn't have permission to install updates. This occurred under either
> local or domain admin accounts. I looked in "local security settings" and
> determined that the only permissions to "manage auditing and security log"
> were for a group called "domain\Exchange Enterprise Servers." I was not
> allowed to add or change this setting. I worked around the problem by adding
> the domain admins to the "exchange enterprise servers" group in my domain.
> Now I can run the updates just fine on this PC. However, I'd really like to
> get the administrators group to have "manage auditing and security log"
> permissions. I'm worried that if I ever remove this computer from the
> domain, no one will be able to install updates.
>
> Any suggestions?
 
Guest

Thanks, but it appears that I'm not getting the problem across to you.

My problem is, how do I get the "administrators" security group access to
the "manage auditing and security log" in the local security settings? Right
now, the only group that has this access is "Exchange Enterprise servers."

Thanks,

Dave

"MowGreen [MVP]" wrote:

> > I have many PCs running Win XP that connect to an AD domain with W2K3
> > servers.
>
> To facilitate updating workstations:
>
> Windows Server Update Services Product Overview
> http://www.microsoft.com/windowsserversystem/updateservices/evaluation/overview.mspx
>
> > but one PC was telling me that I didn't have permission to install updates.
>
> Did the PC in question successfully update in the past? If so, have you
> scanned for malware? Some malware variants will reset permissions or
> damage system files resulting in a failure to install updates/patches.
>
> Start, Run, type
> regsvr32 initpki.dll
> Enter
>
> If that doesn't resolve the issue, check the WindowsUpdate.log for an
> error code associated with the failed update installation. Then go to
> the Windows Update (v6) Troubleshooter for a suggested resolution for
> that specific error.
>
> MowGreen [MVP 2003-2005]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
 
Guest

Can you add Admin to Manage auditing and security log from here?

Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment\Manage auditing and security log

MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============

Dave Cattapan wrote:

> Thanks, but it appears that I'm not getting the problem across to you.
>
> My problem is, how do I get the "administrators" security group access to
> the "manage auditing and security log" in the local security settings? Right
> now, the only group that has this access is "Exchange Enterprise servers."
>
> Thanks,
>
> Dave
 
Guest

That did the trick. Thanks for your help!

After I set the domain group policy, administrators were now authorized to
manage auditing and security, but it still wouldn't let anyone adjust the
setting. Of course, this was true on every other computer in the domain.
However, when I turned off this setting in group policy, the administrators
group still had authority to manage auditing and security, and I had the
ability to edit the list myself.

I'm a happy camper now.

"MowGreen [MVP]" wrote:

> Can you add Admin to Manage auditing and security log from here?
>
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\User Rights Assignment\Manage auditing and security log
>
> MowGreen [MVP 2003-2005]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
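
Added example (not part of the original thread, and not code from any poster): "Manage auditing and security log" is the user right SeSecurityPrivilege, and a quick way to confirm the state described above is to export the effective rights with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and check whether the built-in Administrators group (well-known SID S-1-5-32-544) is listed. The sample exports and the domain group SID below are constructed, and the function names are illustrative.

```python
import configparser

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample exports; the S-1-5-21-... domain SID is made up.
BROKEN_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""
FIXED_EXPORT = BROKEN_EXPORT.replace(
    "SeSecurityPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105",
    "SeSecurityPrivilege = *S-1-5-32-544",
)

def privilege_holders(inf_text, privilege="SeSecurityPrivilege"):
    """Return the SIDs/account names granted `privilege`, or [] if unassigned."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep privilege names exactly as written
    parser.read_string(inf_text)
    if not parser.has_option("Privilege Rights", privilege):
        return []
    raw = parser.get("Privilege Rights", privilege)
    # Entries are comma-separated; SIDs carry a leading '*', names do not.
    return [item.strip().lstrip("*") for item in raw.split(",") if item.strip()]

def administrators_can_manage_log(inf_text):
    """True when the built-in Administrators group holds SeSecurityPrivilege."""
    holders = privilege_holders(inf_text)
    return any(h == ADMINISTRATORS_SID or h.lower() == "administrators"
               for h in holders)

def load_export(path):
    """Read an export file; assumes secedit's usual UTF-16 output with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

if __name__ == "__main__":
    for label, text in (("before", BROKEN_EXPORT), ("after", FIXED_EXPORT)):
        print(label, privilege_holders(text), administrators_can_manage_log(text))
```

When the local editor refuses changes to the right, as happened in this thread, `gpresult` on the affected PC shows which domain Group Policy objects are applied to it.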
 
Guest

You're mowst welcome, Dave.

MowGreen [MVP 2003-2005]
===============
*-343-* FDNY
Never Forgotten
===============

Dave Cattapan wrote:

> That did the trick. Thanks for your help!
>
> After I set the domain group policy, administrators were now authorized to
> manage auditing and security, but it still wouldn't let anyone adjust the
> setting. Of course, this was true on every other computer in the domain.
> However, when I turned off this setting in group policy, the administrators
> group still had authority to manage auditing and security, and I had the
> ability to edit the list myself.
>
> I'm a happy camper now.
 
