Logging events from a w2k12 DC?
Running into an issue, we have a DC that we want system logs etc pulled into SA. The issue of course is Domain Controllers do not contain local user/groups. Is there an easy work around without major administrative work to get this functioning on a DC we want logs from? I would like to hear what others have done in similar scenarios. Thanks!
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
I've reviewed the document, it's expected that the service account be added to the local Log Readers group. As you know, this can't be done on DC's since local users and groups do not exist. Hence the only way I can think of doing this is using the domain log readers group and having the potential risks of additional access.