DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 951026 - Last Review: April 8, 2008 - Revision: 1.0

SYMPTOMS

In a Windows Server 2003-Based domain, if a domain user is also a local administrator, the domain user may be able to access and view security logs. This behavior occurs even if the domain user does not have the Manage auditing and security log user right.

CAUSE

This issue occurs because of behavior that occurs when a member of the local administrators group runs the Event Viewer Microsoft Management Console (MMC) snap-in. In Windows Server 2003, not all actions are performed under the context of the user who runs the process. Some actions that are performed by event viewer run under the context of the SYSTEM account. These actions that run under the context of the SYSTEM account cause the issue.

Note This behavior changes if you run Event Viewer by using a user account that is not a member of the local administrators group.

RESOLUTION

No resolution currently exists for this behavior.

APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Keywords: 
kbexpertiseinter kbtshoot kbprb KB951026
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support