4 thoughts on “Domain Controller Security Logs – how to get at them *without* being a Domain Admin

  1. ChadH

    Make sure when you modify the permissions on HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security that you set the permission for ‘this key and all subkeys’. By default, if you add permissions it will only do it for the root key level. You have to go into ‘advanced’ on the permissions window.

  2. Tom H

    After spending days on this issue, I finally found your post and it solved the issue for my particular need. ChadH’s suggestion also help solve the problem. Thank you for solution.

  3. Chris

    I can’t find HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\CustomSD … am i missing something – Win2012 R2

  4. Dave

    Thanks Jess, after a good 8 hours of nosing around the web and trying different approaches you totally solved this puzzle for me!

    Such a great post – cheers 🙂



Leave a Reply