Is it possible to create a read-only user account for security auditing purposes?

Posted by user2529583 on Server Fault See other posts from Server Fault or by user2529583
Published on 2014-08-20T16:43:56Z Indexed on 2014/08/21 4:22 UTC
Read the original article Hit count: 445

An organization requires several administrators to have a role of a security auditor. They must have read-only (via network/remote) access to Windows Server 2008 / R2 systems and have permissions to view the server configuration. They must not be able to make any other changes to the server or the network, like restarting or making any configuration chanages.

However I can't find any built-in settings for a user like this. The closest thing is the "Users" user group [1], however from my understanding every user in the domain is in this group and cannot view the domain server's configuration.

So, what are other options of implementing a read-only user account in Windows Server 2008?

[1] http://technet.microsoft.com/en-us/library/cc771990.aspx

© Server Fault or respective owner

Related posts about Windows

Related posts about windows-server-2008