Read-only security log access is used by the event log scraper in IDFW.
After creating a new user account, you must enable read-only security log access on a Windows 2008 server-based domain section to grant the user read-only access.
Note: You must perform these steps on one Domain Controller of the domain, tree, or forest.
Procedure
- Navigate to Start > Administrative Tools > Active Directory Users and Computers.
- In the navigation tree, expand the node that corresponds to the domain for which you want to enable security log access.
- Under the node that you just expanded, select the Builtin node.
- Double-click on Event Log Readers in the list of groups.
- Select the Members tab in the Event Log Readers Properties dialog box.
- Click the Add... button.
The Select Users, Contacts, Computers, or Groups dialog appears.
- If you previously created a group for the “AD Reader” user, select that group in the Select Users, Contacts, Computers, or Groups dialog. If you created only the user and you did not create a group, select that user in the Select Users, Contacts, Computers, or Groups dialog.
- Click OK to close the Select Users, Contacts, Computers, or Groups dialog.
- Click OK to close the Event Log Readers Properties dialog.
- Close the Active Directory Users and Computers window.
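The same membership change can be scripted and checked from PowerShell. This is an added example, not part of the original procedure: it assumes the ActiveDirectory PowerShell module is installed and a session with rights to modify Builtin groups, and the `-Principal` parameter (the sAMAccountName of the "AD Reader" user or its group) is a hypothetical name chosen here.

```powershell
# Added example, not from the original page.
# Assumes the ActiveDirectory PowerShell module is installed.
param(
    # Hypothetical parameter: sAMAccountName of the "AD Reader" user or group.
    [Parameter(Mandatory = $true)][string]$Principal
)
Import-Module ActiveDirectory -ErrorAction Stop

# Look up BUILTIN\Event Log Readers and BUILTIN\Administrators by their
# well-known SIDs, so the script also works where group names are localized.
$readers = Get-ADGroup -Identity 'S-1-5-32-573'
$admins  = Get-ADGroup -Identity 'S-1-5-32-544'

# Resolve the principal; it may be a user or a group.
$target = Get-ADObject -LDAPFilter "(sAMAccountName=$Principal)"
if (-not $target) {
    throw "No directory object with sAMAccountName '$Principal' was found."
}

# Returns $true when $target is a direct member of the given group.
function Test-DirectMember($Group) {
    [bool](Get-ADGroupMember -Identity $Group |
        Where-Object { $_.DistinguishedName -eq $target.DistinguishedName })
}

# Add the principal only if it is not already a member (safe to re-run).
if (Test-DirectMember $readers) {
    Write-Output "$Principal is already a member of $($readers.Name)."
} else {
    Add-ADGroupMember -Identity $readers -Members $target.DistinguishedName
    Write-Output "Added $Principal to $($readers.Name)."
}

# Confirm the change took effect.
if (-not (Test-DirectMember $readers)) {
    throw "$Principal is not listed in $($readers.Name) after the change."
}

# The account is meant to have read-only access: flag a direct
# Administrators membership, which would make this grant redundant.
if (Test-DirectMember $admins) {
    Write-Warning "$Principal is also a direct member of $($admins.Name)."
}

# List the resulting members of Event Log Readers for review.
Get-ADGroupMember -Identity $readers | Select-Object Name, objectClass, SID
```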
What to do next
After you have enabled security log access, verify directory privileges by following the steps in Verifying Directory Privileges.