EventSentry is unable to access certain resources located on different computers when using the file target (html, csv, ascii), MS access databases and when performing event log backups.

Article ID: 18
Category: Usage
Applies to:
Created: 2005-01-07

You will need to take additional configuration steps when configuring EventSentry to access resources located on different computer.

By default, the EventSentry agent (=service) runs under the LocalSystem account. This is a built-in system account that has administrative permissions on the local host, but usually has no permissions on remote computers.

There are two ways of solving this problem:

1) Change the user account the service is running under. Navigate to Start -> Control Panel -> Administrative Tools -> Services and located the "EventSentry" service. Right-click the service, select "Properties" and select the "Log On" tab. There you can change the account the service is running under, generally you would select a domain user account with administrative permissions here. Elevated privileges are necessary so that the Security event log can be accessed by the service. Please remember to restart the service every time you change the associated user account.

2) You can centrally assign permissions to the resource and authorize each EventSentry installation individually. In Windows 2000, bring up the security settings (right-click file or folder in explorer, click properties and then click on "Security") and add the COMPUTER$ account to the list of users. For example, the LocalSystem account on the computer TIBET is represented by the TIBET$ user account. If you add the TIBET$ user account to the list of authorized users then the EventSentry agent on computer TIBET will have access to that resource.

These instructions currently apply to:

  • File Target
  • ODBC Target when using file-based databases such as MS Access
  • Event Log Backup Feature