1 thought on “Domain Controller Security Logs – how to get at them *without* being a Domain Admin

  1. ChadH

    Make sure when you modify the permissions on HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security that you set the permission for ‘this key and all subkeys’. By default, if you add permissions it will only do it for the root key level. You have to go into ‘advanced’ on the permissions window.


Leave a Reply