2 thoughts on “Domain Controller Security Logs – how to get at them *without* being a Domain Admin

  1. ChadH

    Make sure when you modify the permissions on HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security that you set the permission for ‘this key and all subkeys’. By default, if you add permissions it will only do it for the root key level. You have to go into ‘advanced’ on the permissions window.

    Reply
  2. Tom H

    After spending days on this issue, I finally found your post and it solved the issue for my particular need. ChadH’s suggestion also help solve the problem. Thank you for solution.

    Reply

Leave a Reply