Prevent the System Log from being cleared
Scenario
- You are an IT Administrator
- You are creating an Application Control configuration
- You want to create a Corporate\ITSupport-Level 2 group rule
- You want to prevent members of this group from clearing the System log
Process
- Select the Group Rules node.
- In the work area, right-click and select Add Group Rule.
-
In the Add Group Rule dialog, enter Corporate\ITSupport-Level2 and click Add.
The ITSupport-Level2 group is created.
- Select the User Privileges node.
- Select the System Controls tab.
-
Right-click in the work area and select Event Log Control Item.
The Add Event Log Control Item dialog displays.
- Use the ellipsis to navigate to the Browse Installed Event Logs dialog.
- Select System from the event log list and click Add. To select more than one log, hold down the Ctrl button on your keyboard and select the required logs.
-
On the Add Event Log Control Item dialog, click Add.
The System event log is added as a controlled item.
- Select Builtin Restrict from the drop-down list in the Policy Column. This option lowers the privileges of the users within the group. By restricting users in this way, you are preventing them from performing administrative actions such as clearing event logs. Alternatively, select the BuiltIn Elevate option to grant access to clear the event logs.
Members of the Corporate\ITSupport-Level2 group are prevented from clearing the System event log.