KBI 311643 Many Audit Failures Found In Security Event Log

Version

Argent Advanced Technology – All Versions

Date

Tuesday, 10 April 2018

Summary

It was observed that after domain administrator level privileges were removed from the Argent Service Account, multiple audit failures appeared in the Security Event Log of the Domain Controller while Argent for Compliance was reading Event Logs.

Technical Background

There are multiple ways Argent for Compliance can read the Security Event Log from a server; the default option is ‘Read Event Log File Directly’.

When ‘Read Event Log File Directly’ is used, the Event Log file is opened over a UNC path; a service account without domain administrator privileges is refused, and each refused attempt is recorded as an audit failure event in the Domain Controller's Security Event Log.

Resolution

Use the ‘Vista Event Log API’ method for reading Event Logs instead. This reads the log through the Windows Event Log API rather than opening the log file over a UNC path.
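To confirm the symptom and attribute the audit failures to the service account, the following PowerShell is an added example (not Argent's own code or part of this KB); it reads the Domain Controller's Security log through the Windows Event Log API, the same mechanism the resolution recommends, rather than over a UNC path. The computer name and account name are placeholders you must replace.

```powershell
# Added example: summarise recent Audit Failure events on a domain controller
# and count how many are attributed to the Argent service account.
# $DomainController and $ServiceAccount are placeholders, not values from the KB.
param(
    [string]$DomainController = 'DC01',       # placeholder host name
    [string]$ServiceAccount   = 'ArgentSvc',  # placeholder sAMAccountName
    [int]$Hours               = 24
)

# 0x10000000000000 is the Windows "Audit Failure" keyword bit.
$AuditFailure = [long]0x10000000000000

# Remote read via the Windows Event Log API (RPC), not the \\DC\C$ UNC path.
# Membership in the DC's "Event Log Readers" group is sufficient for this call.
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $AuditFailure
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction Stop

# Extract the subject account from each event's XML so the failures can be attributed.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated    = $e.TimeCreated
        Id             = $e.Id
        SubjectAccount = $data['SubjectUserName']
        ShareOrObject  = if ($data['ShareName']) { $data['ShareName'] } else { $data['ObjectName'] }
    }
}

# Which event IDs are failing, and for which accounts.
$rows | Group-Object Id, SubjectAccount |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Failures caused by the service account; these should stop once the
# 'Vista Event Log API' read method is selected in Argent for Compliance.
$fromSvc = @($rows | Where-Object { $_.SubjectAccount -eq $ServiceAccount })
"Audit failures attributed to ${ServiceAccount} in the last $Hours h: $($fromSvc.Count)"
```

Run it before and after switching the read method; the per-account count for the service account should drop to zero once the UNC path is no longer used.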