NGWS SDK Documentation  

This is preliminary documentation and subject to change.

Security Ramifications of Event Logs

Access to the event logs is determined by the account under which the application is running. The LocalSystem account is a special account that service applications can use. The Administrator account consists of the administrators for the system. The Server Operator account (ServerOp) consists of the administrators of the domain server. The World account includes all users on all systems.

The following table shows which accounts are granted Read, Write, and Clear access to each log.

Log          Account        Access
-----------  -------------  ------------------
Application  LocalSystem    Read, Write, Clear
             Administrator  Read, Write, Clear
             ServerOp       Read, Write, Clear
             World          Read, Write
Security     LocalSystem    Read, Write, Clear
             Administrator  Read, Write
             World          None
System       LocalSystem    Read, Write, Clear
             Administrator  Read, Write, Clear
             World          Read, Clear
             ServerOp       Read

In addition, users can read and clear the Security log if they have been granted one of the following:

For more information, see your Windows documentation.

See Also

Introduction to the EventLog Component