Read-only security log access is used by the event log scraper in IDFW.

After creating a new user account, you must enable read-only security log access on a Windows 2008 server-based domain to grant that user read-only access.

Note: You must perform these steps on one Domain Controller of the domain, tree, or forest.

Procedure

  1. Navigate to Start > Administrative Tools > Active Directory Users and Computers.
  2. In the navigation tree, expand the node that corresponds to the domain for which you want to enable security log access.
  3. Under the node that you just expanded, select the Builtin node.
  4. Double-click on Event Log Readers in the list of groups.
  5. Select the Members tab in the Event Log Readers Properties dialog box.
  6. Click the Add... button.
    The Select Users, Contacts, Computers, or Groups dialog appears.
  7. If you previously created a group for the “AD Reader” user, select that group in the Select Users, Contacts, Computers, or Groups dialog. If you created only the user and you did not create a group, select that user in the Select Users, Contacts, Computers, or Groups dialog.
  8. Click OK to close the Select Users, Contacts, Computers, or Groups dialog.
  9. Click OK to close the Event Log Readers Properties dialog.
  10. Close the Active Directory Users and Computers window.
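
The same change can be scripted and then audited. The following is an added example, not part of the original procedure: it assumes the ActiveDirectory PowerShell module is available (Windows Server 2008 R2 or later, or RSAT) and uses `ad-reader` as a placeholder for the user or group you created.

```powershell
# Added example: scripted equivalent of steps 1-10, plus a membership review.
# Assumptions: ActiveDirectory module is installed; 'ad-reader' is a placeholder name.
Import-Module ActiveDirectory

$Principal = 'ad-reader'          # placeholder sAMAccountName of the user or group
$GroupName = 'Event Log Readers'  # Builtin group selected in step 4

# Resolve the principal as a user or a group; stop if it does not exist.
$filter = "(&(sAMAccountName=$Principal)(|(objectCategory=person)(objectCategory=group)))"
$target = Get-ADObject -LDAPFilter $filter
if (-not $target) {
    throw "No user or group named '$Principal' was found in the current domain."
}

$group = Get-ADGroup -Identity $GroupName

# Add the principal only if it is not already a direct member (safe to re-run).
$alreadyMember = Get-ADGroupMember -Identity $group |
    Where-Object { $_.distinguishedName -eq $target.DistinguishedName }

if ($alreadyMember) {
    Write-Output "'$Principal' is already a member of '$GroupName'."
} else {
    Add-ADGroupMember -Identity $group -Members $target.DistinguishedName
    Write-Output "Added '$Principal' to '$GroupName'."
}

# Review everyone who now has read access to the event logs through this group,
# including members inherited through nested groups. Anything unexpected in this
# list has the same read-only security log access as the account you just added.
Get-ADGroupMember -Identity $group -Recursive |
    Select-Object name, SamAccountName, objectClass, distinguishedName |
    Sort-Object objectClass, name |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session with rights to modify the Builtin groups of the domain.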

What to do next

After you have enabled security log access, verify directory privileges by following the steps in Verifying Directory Privileges.