I would like to setup the following audit scenario:
A large Active Directory domain is scattered among various phisical sites, each contained in its own organizational unit. The members of a non-administrative domain group must remotely access Event Logs on each computer of one site. No additional rights should be granted to the group other than those strictly necessary for performing the aforementioned task.
Domain version is 2003, with some 2008R2 servers.
I have looked through delegation wizards and Group Policies to no avail. Granting domain or local administrative rights is out of question, even if through restricted groups.
Global domain auditing must not be impacted nor it can be accessed in order to perform this task.
Please, Is such delegation possible? If yes, how is it deployed?
Thanks,
Regards