The event log cannot function correctly unless proper file permissions are assigned to the log files. You might need to do the following:
Assign permissions to the audit log files so that the service can write to them.
Assign user write permissions to the folder where the audit log file is created.
To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
To change permissions on files and folders:
At the DHCP server, click Start, point to All programs, point to Accessories, and then click Windows Explorer.
Navigate the directory tree to %windir%\System32\Dhcp, right-click the folder, click Properties, and then click the Security tab.
Complete one of the following as needed:
To set permissions for a group or user that does not appear in the Group or user names box, click Add, type the name of the group or user, and then click OK.
To change or remove permissions from an existing group or user, click the name of the group or user.
To allow or deny a permission, in the Permissions for User or Group box, select the Allow or Deny check box.
To remove the group or user from the Group or user names box, click Remove.
Notes
You can only set file and folder permissions on drives formatted to use NTFS.
To change permissions, you must be the owner or have been granted permission by the owner to do so.
Groups or users who are granted Full Control for a folder can delete files and subfolders within that folder, regardless of the permissions that protect the files and subfolders.
If the check boxes under Permissions for User or Group are shaded or if the Remove button is unavailable, then the file or folder has inherited permissions from the parent folder.
When adding a new user or group, by default, this user or group will have Read, Read and Execute, and List Folder Contents permissions.
Target | Microsoft.Windows.DHCPServer.Library.IPv4Runtime | ||
Parent Monitor | System.Health.SecurityState | ||
Category | StateCollection | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.SingleEventLogManualReset2StateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Microsoft.Windows.DHCPServer.Library.ActionAccount |
<UnitMonitor ID="Microsoft.Windows.DHCPServer.Library.IPv4Runtime.UnitMonitor.Auditing.3" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.DHCPServer.Library.IPv4Runtime" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogManualReset2StateMonitorType" ConfirmDelivery="true" RunAs="Microsoft.Windows.DHCPServer.Library.ActionAccount">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="Microsoft.Windows.DHCPServer.Library.IPv4Runtime.UnitMonitor.Auditing.3_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Warning"/>
<OperationalState ID="ManualResetEventRaised" MonitorTypeStateID="ManualResetEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-Windows-DHCP-Server</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">DHCPServer</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1028</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</Configuration>
</UnitMonitor>