I used the Configuration and Analysis Tool to configure my Windows 2000 File system. Specifically I set the ACLs for the AppEvent.evt, SecEvent.evt, and SysEvent.evt in c:\winnt\config to:
Administrators - Read & Execute
Auditors - Full Control
System - Full Control
The security gets configured but if you use the Event Viewer to clear any of these logs their ACLs get set to:
Administrators - Full Control
System - Full Control
The only way to change it back is to do it manually or by running the Configuration and Analysis Tool again. I tried using a CustomSD registry key for each Event Log but I don't think Windows 2000 supports this key.
How can I prevent this change from taking place when the logs are cleared? In the setup for the ACL I checked the box to define the setting in the database and also the box to stop file permission inheritance from the parent directory, i.e. the config directory.
Millard