PrepAway - Latest Free Exam Questions & Answers

You need to ensure that events from the Security log of DC1 are collected on Computer1

You have a client computer named Computer1 that runs Windows 7.
On Computer1, you configure a source-initiated subscription.
You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1.
The subscription is configured to use the HTTP protocol.
You discover that events from the Security log of DC1 are not collected on Computer1. Events from the
Application log of DC1 and the System log of DC1 are collected on Computer1.
You need to ensure that events from the Security log of DC1 are collected on Computer1.
What should you do?


A. Add the computer account of Computer1 to the Event Log Readers group on the domain controller.

B. Add the Network Service security principal to the Event Log Readers group on the domain.

C. Configure the subscription to use custom Event Delivery Optimization settings.

D. Configure the subscription to use the HTTPS protocol.

Explanation:
Reference 1:
http://blogs.technet.com/b/askds/archive/2011/08/29/the-security-log-haystack-event-forwarding-and-you.aspx
Preparing Windows Server 2008 and Windows Server 2008 R2
You have to prepare your Windows Server 2008/2008 R2 machines for collection of security events. To do this,
simply add the Network Service account to the Built-in Event Log Readers group.
Reference 2:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8434ffb3-1621-4bc5-8311-66d88b215886/
How to collect security logs using event forwarding?
For Windows Vista, Windows Server 2008 and later version of clients, please follow the steps below to
configure it.
1. Click start->run, type CompMgmt.msc to open Computer Management Console.
2. Under Local Users and Groups, click Groups->Event Log Readers to open Event Log Readers Properties.
3. Click Add, then click Location button, select your computer and click OK.
4. Click Object Types button, check the checkbox of Built-in security principals and click OK.
5. Add Network Service built-in account to Event Log Readers group.
6. Reboot the client computer.
After these steps have been taken, you will see the security event logs in the Forwarded Events on your event
collector.
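
The group change described in Reference 2 can also be scripted. The PowerShell below is an added example, not part of the quoted forum post or blog; it assumes an elevated session on the event source computer and resolves the group and account from their well-known SIDs (S-1-5-32-573 and S-1-5-20) so it does not depend on localized names.

```powershell
# Added example: grant Network Service read access to the Security log by
# adding it to Event Log Readers on the event source (the forwarding computer).
# Run from an elevated PowerShell session.

# Well-known SIDs, resolved to names so the script works on localized systems.
$readersSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-573' # Event Log Readers
$netSvcSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'     # Network Service

$ntAccount  = [System.Security.Principal.NTAccount]
$groupName  = $readersSid.Translate($ntAccount).Value.Split('\')[-1]
$netSvcName = $netSvcSid.Translate($ntAccount).Value

# Check current membership first so the script can be re-run safely.
$members = & net.exe localgroup $groupName
$alreadyMember = $members | Where-Object { $_.Trim() -eq $netSvcName }

if ($alreadyMember) {
    Write-Output "$netSvcName is already a member of '$groupName'."
}
else {
    & net.exe localgroup $groupName $netSvcName /add
    if ($LASTEXITCODE -ne 0) {
        throw "Could not add $netSvcName to '$groupName' (net.exe exit code $LASTEXITCODE)."
    }
    Write-Output "Added $netSvcName to '$groupName'."
    Write-Output "Restart this computer (step 6 above) before checking the collector."
}

# Read-only check: show the Security log configuration, including its
# channelAccess security descriptor.
& wevtutil.exe gl Security
```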

