Resolution
Can Directory and Resource Administrator allow users to view the event logs on member computers in the managed domain?
fact
Directory and Resource Administrator 6.x
fix
Yes, an Assistant Admin can launch Event Viewer and view the event logs of a selected machine. To do so, the Assistant Admin must be a member of an ActiveView that contains a rule including the member computer whose logs the Assistant Admin wishes to view. No special powers are required to launch Event Viewer.
To launch Event Viewer from the DRA MMC, please perform the following steps:
- Launch the MMC interface.
- Expand My ActiveViews | All my managed objects and select Computer views.
- Leave the search dialog box empty and click Search.
- Select the desired computer and click the Manage button.
- Select Event logs and click OK.
- Click Launch Event Viewer in the eventlogview screen.
Once Event Viewer is open, the Assistant Admin will no not be operating under the security context of the DRA service account but under the security context of his/her own account. By default, all users have Read access to the Application and System logs on member computers but they cannot change their properties or clear the event log. To the Security log, an Assistant Admin must have native rights to do so.