How to grant read only access to Security Event Logs to Non-Admin User on Domain Controller (Windows Server 2016)

Amit Jogi 1 Reputation point


We have a requirement to grant read-only access to a non-Admin User on Security Event Logs of Domain Controller running on Windows Server 2016.

I came across few forums however, those are for Windows Server 2003, 2012, etc.

Is there any specific method to achieve this for Domain Controller running on Windows Server 2016?

Amit Jogi

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,739 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,416 Reputation points


    Thank you for your question and reaching out.

    The method for 2012 should also work for Windows 2016 or 2019 domain controllers also.

    The members who require READ-ONLY access to the logs must first be added to a security group. Create the GPO after that, and then apply it to the Domain Controllers OU. After that is finished, you won't ever need to repeat the process in order to add or delete members from this group. The GPO option is also the ideal because you don't need to configure anything on the individual servers as you add new DCs. The group's members will have access after the GPO is applied to the new DCs.


    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments