Home » Microsoft » 70-642 » What should you do?
Your network contains a server named Server1 that runs Windows Server 2008 R2. You have a user named User1.
You need to ensure that User1 can view the events in the Security event log. The solution must minimize the number of rights assigned to User1.
What should you do?
A. In Event Viewer, filter the Security log.
B. In Event Viewer, configure the properties of the Security log.
C. In the Local Security Policy console, modify the Security Options.
D. In the Registry Editor, add a Security Descriptor Definition Language (SDDL) value.
Correct Answer: D
Explanation/Reference:
Correct answer(s): D
The Security Descriptor for each log is specified by using Security Descriptor Definition Language (SDDL) syntax. For more information about SDDL syntax, see the Platform SDK, or visit the Microsoft Web site mentioned in the "References" section of this article.
To construct an SDDL string, note that there are three distinct rights that pertain to event logs: Read, Write, and Clear. These rights correspond to the following bits in the access rights field of the ACE string:
1= Read
2 = Write
4 = Clear
Read more here: http://support.microsoft.com/kb/323076