Those who aren’t administrators are not allowed to read event logs by default. However, you can add an account to the Event Log Readers group to grant permission to read the event logs.

When creating event subscriptions, you must use an account that has access to the event logs on all your source computers, and it’s best not to use the administrator account. Instead, you can use the machine account of the collector computer or create an account specifically for this purpose. You then add the account to the Event Log Readers group.
You can create a user with the net user command like the following:
net user event_sub P@ssw0rd /add
Alternatively, you can use the dsadd command to create the same account. The format is as follows:
dsadd user dn -pwd password
The following command adds the user to the Users container in the pearson.pub domain with a password of P@ssw0rd:
dsadd user "cn=event_sub,cn=users,dc=pearson,dc=pub" -pwd P@ssw0rd
Tip
This account is a service account (used only as a service, not a user) and you need to manage the password. If the password expires, the event subscriptions will no longer work.
The following table shows how to add a machine account and a user account to the Event Log Readers group.
| Add Account to Event Log Readers Group | Comments |
|---|---|
| Add a machine account.<br>net localgroup "event log readers" machine-name$[@domain-name] /add<br>C:\>net localgroup "event log readers" dc1$ /add<br>C:\>net localgroup "event log readers" dc1$@pearson.pub /add | When adding a machine name, you can use just the computer name followed by a dollar sign ($) or use the universal principal name (UPN), with the dollar sign after the machine name. The examples add the computer named dc1 in the pearson.pub domain to the group.<br>Tip: You use localgroup instead of group even when you’re adding the account to the Event Log Readers group on a domain controller. |
| Add a user account.<br>net localgroup "event log readers" user-name /add<br>C:\>net localgroup "event log readers" event_sub /add | If you use a service account, you can add the service account to the group using the same format but enter the user name instead. This example adds the user account (named event_sub created previously) to the Event Log Readers group. |
Figure 1 shows the properties of the Event Log Readers group with both the DC1 server and the event_sub user added as members.
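
The earlier Tip notes that an expired service-account password stops the subscriptions, and the table grants log access through group membership. The PowerShell script below is an added example, not part of the original text, that checks both conditions from the collector computer. It assumes the source computers are member servers with WinRM enabled and that the ActiveDirectory (RSAT) module is installed; the source names SRV1 and SRV2, the NetBIOS domain name PEARSON, and the 14-day threshold are hypothetical.

```powershell
# Added example (not from the original page). Run on the collector computer.
# Assumptions: WinRM is enabled on the sources, the sources are member servers,
# and the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

$Sources     = 'SRV1', 'SRV2'                        # hypothetical source computers
$Expected    = 'PEARSON\event_sub', 'PEARSON\DC1$'   # PEARSON = assumed NetBIOS domain name
$ServiceAcct = 'event_sub'
$WarnDays    = 14                                    # assumed warning threshold

# 1. Compare Event Log Readers membership on each source with the expected list.
foreach ($computer in $Sources) {
    try {
        $members = @(Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            Get-LocalGroupMember -Group 'Event Log Readers' |
                Select-Object -ExpandProperty Name
        })
    } catch {
        Write-Warning "${computer}: could not read group membership: $_"
        continue
    }
    [pscustomobject]@{
        Computer   = $computer
        Missing    = ($Expected | Where-Object { $_ -notin $members }) -join ', '
        Unexpected = ($members  | Where-Object { $_ -notin $Expected }) -join ', '
    }
}

# 2. Warn before the service account's password expires and breaks subscriptions.
$user = Get-ADUser -Identity $ServiceAcct -Properties PasswordNeverExpires,
            'msDS-UserPasswordExpiryTimeComputed'
$raw  = $user.'msDS-UserPasswordExpiryTimeComputed'

if ($user.PasswordNeverExpires -or $raw -eq [long]::MaxValue) {
    # The maximum value means no expiry applies to this account.
    Write-Output "${ServiceAcct}: password does not expire"
} elseif ($raw -eq 0) {
    # Zero means the password must be changed at next logon.
    Write-Warning "${ServiceAcct}: password must be changed before it can be used"
} else {
    $expires  = [datetime]::FromFileTime($raw)
    $daysLeft = [int]($expires - (Get-Date)).TotalDays
    if ($daysLeft -le $WarnDays) {
        Write-Warning "${ServiceAcct}: password expires $expires ($daysLeft days left)"
    } else {
        Write-Output "${ServiceAcct}: password valid until $expires"
    }
}
```

An entry in the Unexpected column is an account that can read the logs on that source without being part of the subscription setup, so it is worth reviewing as well as any Missing entry.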