Event Log Write Access error.

bms

I have a web service that runs on Win2003 under an Application Pool with user identity. If that user is a member of the Administrators group, then the web service can write into the Event Log. Otherwise, I get the following error:

System.InvalidOperationException: Cannot open log for source {0}. You may not have write access.

I have seen and read a number of questions in this and other threads. KB Article 329291 does not apply since I have already created the event source (and everything works with Admin group privileges).

Is there a simple way to get around this without fiddling with the registry entries using SIDs etc.?

If using SIDs in the registry is the only way, how can I get the SID for that particular user to enter into the registry?

TIA

BMS.
 
jzhu

Win2003 tightened event log access. Take a look at
http://support.microsoft.com/default.aspx?scid=kb;en-us;32307

You need to expand the default SDDL string
O:BAG:SYD:(D;; 0xf0007;;;AN)(D;; 0xf0007;;;BG)(A;; 0xf0007;;;SY)(A;; 0x5;;;BA)(A;; 0x7;;;SO)(A;; 0x3;;;IU)(A;; 0x2;;;BA)(A;; 0x2;;;LS)(A;; 0x2;;;NS)
with one more ACE to allow the specific user to read/write to the event log:
O:BAG:SYD:(D;; 0xf0007;;;AN)(D;; 0xf0007;;;BG)(A;; 0xf0007;;;SY)(A;; 0x5;;;BA)(A;; 0x7;;;SO)(A;; 0x3;;;IU)(A;; 0x2;;;BA)(A;; 0x2;;;LS)(A;; 0x2;;;NS)(A;; 0x3;;;userSidString)

Now you need to get the SID string for your specific user. Use the GetSid.exe tool from the Microsoft resource kit. Or you can write a simple program to dump it, using a couple of Win32 APIs. Here is some sample code, using the WinNL library from
http://www.DataMarvel.co

using System;
using DataMarvel.WinNL;

class Test
{
    [STAThread]
    static void Main(string[] args)
    {
        // Look up the account and print its SID in string (S-1-...) form.
        NSid sid = new NSid(@"myDomain\myUser", null);
        Console.WriteLine(sid.StringSid);
    }
}
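
The SDDL edit described in the reply above can be checked before it goes into the registry. The following is an added example, not code from the thread or from the WinNL library: it parses the default string as posted, lists which trustees are allowed to write, and appends one ACE for a user SID. The SID shown is a constructed placeholder, and the bit meanings (0x1 read, 0x2 write, 0x4 clear) are the event-log access rights.

```python
import re

# Event-log access bits carried in each ACE's rights field.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Aliases in the string: IU = interactive logon, BA = Administrators,
# LS/NS = Local/Network Service, SY = Local System, AN = anonymous.
ACE_RE = re.compile(r"\(([^()]*)\)")
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# Default string as quoted in the post (spaces kept as posted).
DEFAULT_SD = ("O:BAG:SYD:(D;; 0xf0007;;;AN)(D;; 0xf0007;;;BG)(A;; 0xf0007;;;SY)"
              "(A;; 0x5;;;BA)(A;; 0x7;;;SO)(A;; 0x3;;;IU)(A;; 0x2;;;BA)"
              "(A;; 0x2;;;LS)(A;; 0x2;;;NS)")

def parse_aces(sddl):
    """Return [(type, mask, trustee)] for each ACE in the DACL."""
    head, sep, dacl = sddl.partition("D:")
    bodies = ACE_RE.findall(dacl)
    # Rejects a truncated or unbalanced string, e.g. a lost closing ")".
    if not sep or "".join("(%s)" % b for b in bodies) != dacl:
        raise ValueError("malformed DACL (unbalanced or stray text)")
    aces = []
    for body in bodies:
        f = [x.strip() for x in body.split(";")]
        if len(f) != 6:
            raise ValueError("ACE needs 6 fields: " + body)
        aces.append((f[0], int(f[2], 16), f[5]))
    return aces

def describe(mask):
    """Name the event-log bits set in mask (standard rights are ignored)."""
    return "+".join(n for bit, n in RIGHTS.items() if mask & bit) or "none"

def writers(sddl):
    """Trustees holding an allow ACE that includes the write bit."""
    return [t for typ, m, t in parse_aces(sddl) if typ == "A" and m & 0x2]

def add_ace(sddl, sid, mask=0x3):
    """Append an allow ACE for sid (0x3 = read/write, as in the post)."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID string: " + sid)
    if mask & ~0x7:
        raise ValueError("only event-log bits 0x1/0x2/0x4 are accepted")
    if any(typ == "A" and t == sid and m & mask == mask
           for typ, m, t in parse_aces(sddl)):
        return sddl  # already granted, leave the string unchanged
    return sddl + "(A;;0x%x;;;%s)" % (mask, sid)

if __name__ == "__main__":
    for typ, m, t in parse_aces(DEFAULT_SD):
        print("allow" if typ == "A" else "deny ", describe(m).ljust(16), t)
    # Constructed placeholder SID, not a real account.
    print(add_ace(DEFAULT_SD, "S-1-5-21-1111111111-2222222222-3333333333-1105"))
```

In the decoded output, IU (interactive logon) holds read+write, while a non-administrator service identity has no ACE of its own until one is appended.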
 
bms

Thank you very much for the suggestion. I tried it and it works perfectly fine.

I still do not understand how a user can write into an event log through a console application without that security setting (but is not able to do so when the event log is accessed through the application pool running under the ID of that user).

regards

bms.
 
