security exception writing to event log

Discussion in 'ASP .Net' started by =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 15, 2006.

  1. Hi;

    I am trying to write to the event log using:
    public const string EVENT_LOG_NAME = "Windward Portal";
    if (!EventLog.SourceExists(EVENT_LOG_NAME))
    EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");

    And I am getting the exception:
    [SecurityException: Requested registry access is not allowed.]
    System.ThrowHelper.ThrowSecurityException(ExceptionResource resource) +48
    Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    +2780713
    System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    sourceData) +360
    System.Diagnostics.EventLog.CreateEventSource(String source, String
    logName) +41
    net.windward.portal.audit.Auditor.WriteEvent(String msg,
    EventLogEntryType elet) in
    C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:155
    net.windward.portal.audit.Auditor..cctor() in
    C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:142

    Any idea why?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 15, 2006
    #1
    1. Advertising

  2. I don't believe the ASPNET user account has the permissions to write to the
    event log. You would have to impersonate an account with a higher level of
    permissions in order to do that. There should be some good alternatives
    though if you do a search on google.


    --
    Hope this helps,
    Mark Fitzpatrick
    Former Microsoft FrontPage MVP 199?-2006


    "David Thielen" <> wrote in message
    news:...
    > Hi;
    >
    > I am trying to write to the event log using:
    > public const string EVENT_LOG_NAME = "Windward Portal";
    > if (!EventLog.SourceExists(EVENT_LOG_NAME))
    > EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");
    >
    > And I am getting the exception:
    > [SecurityException: Requested registry access is not allowed.]
    > System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
    > +48
    > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    > +2780713
    > System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    > sourceData) +360
    > System.Diagnostics.EventLog.CreateEventSource(String source, String
    > logName) +41
    > net.windward.portal.audit.Auditor.WriteEvent(String msg,
    > EventLogEntryType elet) in
    > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:155
    > net.windward.portal.audit.Auditor..cctor() in
    > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:142
    >
    > Any idea why?
    >
    > --
    > thanks - dave
    > david_at_windward_dot_net
    > http://www.windwardreports.com
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    >
    Mark Fitzpatrick, Nov 15, 2006
    #2
    1. Advertising

  3. What is the suggested way of letting the sysadmin know something bad happened
    then? I am testing the code path of the log file cannot be opened so I can't
    log the error. I need to put it somewhere.

    What do others do? I don't want to store a username/password to impersonate
    as that is a big security hole.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Mark Fitzpatrick" wrote:

    > I don't believe the ASPNET user account has the permissions to write to the
    > event log. You would have to impersonate an account with a higher level of
    > permissions in order to do that. There should be some good alternatives
    > though if you do a search on google.
    >
    >
    > --
    > Hope this helps,
    > Mark Fitzpatrick
    > Former Microsoft FrontPage MVP 199?-2006
    >
    >
    > "David Thielen" <> wrote in message
    > news:...
    > > Hi;
    > >
    > > I am trying to write to the event log using:
    > > public const string EVENT_LOG_NAME = "Windward Portal";
    > > if (!EventLog.SourceExists(EVENT_LOG_NAME))
    > > EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");
    > >
    > > And I am getting the exception:
    > > [SecurityException: Requested registry access is not allowed.]
    > > System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
    > > +48
    > > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    > > +2780713
    > > System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    > > sourceData) +360
    > > System.Diagnostics.EventLog.CreateEventSource(String source, String
    > > logName) +41
    > > net.windward.portal.audit.Auditor.WriteEvent(String msg,
    > > EventLogEntryType elet) in
    > > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:155
    > > net.windward.portal.audit.Auditor..cctor() in
    > > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:142
    > >
    > > Any idea why?
    > >
    > > --
    > > thanks - dave
    > > david_at_windward_dot_net
    > > http://www.windwardreports.com
    > >
    > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > >
    > >

    >
    >
    >
    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 15, 2006
    #3
  4. =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=

    sloan Guest

    If file or event log permissions are an issue.

    Then

    1. Write an entry to a database, even a local access database.
    2. Send an email.

    The EMAB was actually good for getting something off the ground.
    Exception Management Application Block

    The default behavior is to write to the EventLog, however, you can extend
    some Interfaces, setup some info in your webconfig, and have it do something
    else.
    http://www.google.com/search?hl=en&q="Implements IExceptionXmlPublisher"
    http://builder.com.com/5100-6374-5110833.html

    That would get you started.

    Its worth the time, because ......... when you finally get it write, you
    only have to put 1 line of code in to get the exception logged.

    Dim x, y As Integer
    Try
    x = 5 / y
    Catch ex As Exception
    ExceptionManager.Publish(ex)
    End Try

    That's nice!

    The EnterpriseLibrary is a little too much for what I need, so I stuck with
    the original EMAB.




    "David Thielen" <> wrote in message
    news:...
    > What is the suggested way of letting the sysadmin know something bad

    happened
    > then? I am testing the code path of the log file cannot be opened so I

    can't
    > log the error. I need to put it somewhere.
    >
    > What do others do? I don't want to store a username/password to

    impersonate
    > as that is a big security hole.
    >
    > --
    > thanks - dave
    > david_at_windward_dot_net
    > http://www.windwardreports.com
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    >
    >
    >
    > "Mark Fitzpatrick" wrote:
    >
    > > I don't believe the ASPNET user account has the permissions to write to

    the
    > > event log. You would have to impersonate an account with a higher level

    of
    > > permissions in order to do that. There should be some good alternatives
    > > though if you do a search on google.
    > >
    > >
    > > --
    > > Hope this helps,
    > > Mark Fitzpatrick
    > > Former Microsoft FrontPage MVP 199?-2006
    > >
    > >
    > > "David Thielen" <> wrote in message
    > > news:...
    > > > Hi;
    > > >
    > > > I am trying to write to the event log using:
    > > > public const string EVENT_LOG_NAME = "Windward Portal";
    > > > if (!EventLog.SourceExists(EVENT_LOG_NAME))
    > > > EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");
    > > >
    > > > And I am getting the exception:
    > > > [SecurityException: Requested registry access is not allowed.]
    > > > System.ThrowHelper.ThrowSecurityException(ExceptionResource

    resource)
    > > > +48
    > > > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean

    writable)
    > > > +2780713
    > > >

    System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    > > > sourceData) +360
    > > > System.Diagnostics.EventLog.CreateEventSource(String source, String
    > > > logName) +41
    > > > net.windward.portal.audit.Auditor.WriteEvent(String msg,
    > > > EventLogEntryType elet) in
    > > >

    C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:15
    5
    > > > net.windward.portal.audit.Auditor..cctor() in
    > > >

    C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:14
    2
    > > >
    > > > Any idea why?
    > > >
    > > > --
    > > > thanks - dave
    > > > david_at_windward_dot_net
    > > > http://www.windwardreports.com
    > > >
    > > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > > >
    > > >

    > >
    > >
    > >
    sloan, Nov 15, 2006
    #4
  5. by default asp.net does not have access to registery. you should add the
    applicaion node, message file key to registery, and give asp.net access.

    -- bruce (sqlwork.com)

    "David Thielen" <> wrote in message
    news:...
    > Hi;
    >
    > I am trying to write to the event log using:
    > public const string EVENT_LOG_NAME = "Windward Portal";
    > if (!EventLog.SourceExists(EVENT_LOG_NAME))
    > EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");
    >
    > And I am getting the exception:
    > [SecurityException: Requested registry access is not allowed.]
    > System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
    > +48
    > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    > +2780713
    > System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    > sourceData) +360
    > System.Diagnostics.EventLog.CreateEventSource(String source, String
    > logName) +41
    > net.windward.portal.audit.Auditor.WriteEvent(String msg,
    > EventLogEntryType elet) in
    > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:155
    > net.windward.portal.audit.Auditor..cctor() in
    > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:142
    >
    > Any idea why?
    >
    > --
    > thanks - dave
    > david_at_windward_dot_net
    > http://www.windwardreports.com
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    >
    bruce barker \(sqlwork.com\), Nov 15, 2006
    #5
  6. But what do I use to get a message to the admin if db access and mail fails?
    Both of those can easily fail.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "sloan" wrote:

    >
    > If file or event log permissions are an issue.
    >
    > Then
    >
    > 1. Write an entry to a database, even a local access database.
    > 2. Send an email.
    >
    > The EMAB was actually good for getting something off the ground.
    > Exception Management Application Block
    >
    > The default behavior is to write to the EventLog, however, you can extend
    > some Interfaces, setup some info in your webconfig, and have it do something
    > else.
    > http://www.google.com/search?hl=en&q="Implements IExceptionXmlPublisher"
    > http://builder.com.com/5100-6374-5110833.html
    >
    > That would get you started.
    >
    > Its worth the time, because ......... when you finally get it write, you
    > only have to put 1 line of code in to get the exception logged.
    >
    > Dim x, y As Integer
    > Try
    > x = 5 / y
    > Catch ex As Exception
    > ExceptionManager.Publish(ex)
    > End Try
    >
    > That's nice!
    >
    > The EnterpriseLibrary is a little too much for what I need, so I stuck with
    > the original EMAB.
    >
    >
    >
    >
    > "David Thielen" <> wrote in message
    > news:...
    > > What is the suggested way of letting the sysadmin know something bad

    > happened
    > > then? I am testing the code path of the log file cannot be opened so I

    > can't
    > > log the error. I need to put it somewhere.
    > >
    > > What do others do? I don't want to store a username/password to

    > impersonate
    > > as that is a big security hole.
    > >
    > > --
    > > thanks - dave
    > > david_at_windward_dot_net
    > > http://www.windwardreports.com
    > >
    > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > >
    > >
    > >
    > >
    > > "Mark Fitzpatrick" wrote:
    > >
    > > > I don't believe the ASPNET user account has the permissions to write to

    > the
    > > > event log. You would have to impersonate an account with a higher level

    > of
    > > > permissions in order to do that. There should be some good alternatives
    > > > though if you do a search on google.
    > > >
    > > >
    > > > --
    > > > Hope this helps,
    > > > Mark Fitzpatrick
    > > > Former Microsoft FrontPage MVP 199?-2006
    > > >
    > > >
    > > > "David Thielen" <> wrote in message
    > > > news:...
    > > > > Hi;
    > > > >
    > > > > I am trying to write to the event log using:
    > > > > public const string EVENT_LOG_NAME = "Windward Portal";
    > > > > if (!EventLog.SourceExists(EVENT_LOG_NAME))
    > > > > EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");
    > > > >
    > > > > And I am getting the exception:
    > > > > [SecurityException: Requested registry access is not allowed.]
    > > > > System.ThrowHelper.ThrowSecurityException(ExceptionResource

    > resource)
    > > > > +48
    > > > > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean

    > writable)
    > > > > +2780713
    > > > >

    > System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    > > > > sourceData) +360
    > > > > System.Diagnostics.EventLog.CreateEventSource(String source, String
    > > > > logName) +41
    > > > > net.windward.portal.audit.Auditor.WriteEvent(String msg,
    > > > > EventLogEntryType elet) in
    > > > >

    > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:15
    > 5
    > > > > net.windward.portal.audit.Auditor..cctor() in
    > > > >

    > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:14
    > 2
    > > > >
    > > > > Any idea why?
    > > > >
    > > > > --
    > > > > thanks - dave
    > > > > david_at_windward_dot_net
    > > > > http://www.windwardreports.com
    > > > >
    > > > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > > > >
    > > > >
    > > >
    > > >
    > > >

    >
    >
    >
    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 15, 2006
    #6
  7. How do I do that? I've been searching and not finding anything about this.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "bruce barker (sqlwork.com)" wrote:

    > by default asp.net does not have access to registery. you should add the
    > applicaion node, message file key to registery, and give asp.net access.
    >
    > -- bruce (sqlwork.com)
    >
    > "David Thielen" <> wrote in message
    > news:...
    > > Hi;
    > >
    > > I am trying to write to the event log using:
    > > public const string EVENT_LOG_NAME = "Windward Portal";
    > > if (!EventLog.SourceExists(EVENT_LOG_NAME))
    > > EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");
    > >
    > > And I am getting the exception:
    > > [SecurityException: Requested registry access is not allowed.]
    > > System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
    > > +48
    > > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    > > +2780713
    > > System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData
    > > sourceData) +360
    > > System.Diagnostics.EventLog.CreateEventSource(String source, String
    > > logName) +41
    > > net.windward.portal.audit.Auditor.WriteEvent(String msg,
    > > EventLogEntryType elet) in
    > > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:155
    > > net.windward.portal.audit.Auditor..cctor() in
    > > C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:142
    > >
    > > Any idea why?
    > >
    > > --
    > > thanks - dave
    > > david_at_windward_dot_net
    > > http://www.windwardreports.com
    > >
    > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > >
    > >

    >
    >
    >
    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 15, 2006
    #7
  8. Hi Dave,

    If your ASP.NET web application runs in medium trust level, you will need
    additional configuration steps to write to event log. See following article:

    #How To: Use Medium Trust in ASP.NET 2.0
    http://msdn2.microsoft.com/en-us/library/ms998341.aspx
    In ASP.NET version 1.1, you had to grant code full trust to access the
    event log. This is no longer required in ASP.NET version 2.0, although you
    must still create a custom trust policy file to grant the
    EventLogPermission, as described later in this document.
    ...
    (search section titled "EventLogPermission")

    Sincerely,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications. If you are using Outlook Express, please make sure you clear the
    check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
    promptly.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Walter Wang [MSFT], Nov 16, 2006
    #8
  9. This is strange - the only use of "trust" in machine.config is:
    <section name="trust"
    type="System.Web.Configuration.TrustSection, System.Web, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    allowDefinition="MachineToApplication" />

    And the Web.Config in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG is:
    <trust level="Full" originUrl="" />

    No trust set in my app's config.web. Is there something else it could be?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Walter Wang [MSFT]" wrote:

    > Hi Dave,
    >
    > If your ASP.NET web application runs in medium trust level, you will need
    > additional configuration steps to write to event log. See following article:
    >
    > #How To: Use Medium Trust in ASP.NET 2.0
    > http://msdn2.microsoft.com/en-us/library/ms998341.aspx
    > In ASP.NET version 1.1, you had to grant code full trust to access the
    > event log. This is no longer required in ASP.NET version 2.0, although you
    > must still create a custom trust policy file to grant the
    > EventLogPermission, as described later in this document.
    > ...
    > (search section titled "EventLogPermission")
    >
    > Sincerely,
    > Walter Wang (, remove 'online.')
    > Microsoft Online Community Support
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications. If you are using Outlook Express, please make sure you clear the
    > check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
    > promptly.
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > ==================================================
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 16, 2006
    #9
  10. To handle medium trust (I want to try that in case it is set somehow) it says
    I need to create a custom policy file and a permission set. Can you point me
    to a url that explains what this is, where to place these files, and the full
    syntax of them.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Walter Wang [MSFT]" wrote:

    > Hi Dave,
    >
    > If your ASP.NET web application runs in medium trust level, you will need
    > additional configuration steps to write to event log. See following article:
    >
    > #How To: Use Medium Trust in ASP.NET 2.0
    > http://msdn2.microsoft.com/en-us/library/ms998341.aspx
    > In ASP.NET version 1.1, you had to grant code full trust to access the
    > event log. This is no longer required in ASP.NET version 2.0, although you
    > must still create a custom trust policy file to grant the
    > EventLogPermission, as described later in this document.
    > ...
    > (search section titled "EventLogPermission")
    >
    > Sincerely,
    > Walter Wang (, remove 'online.')
    > Microsoft Online Community Support
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications. If you are using Outlook Express, please make sure you clear the
    > check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
    > promptly.
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > ==================================================
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Nov 16, 2006
    #10
  11. Hi Dave,

    If you're not using medium trust level, then the custom policy is not
    needed. If you do, the instructions are in the same article's section "Step
    3. Optionally Create a Custom Policy Based on Medium Trust".

    Even with full trust level, we still need to do following steps to make
    sure ASP.NET web application can write to event log:

    1. Creating Event Sources

    If your application needs to use application specific event sources, you
    should create them at installation time when administrator privileges are
    available. A good approach is to use a .NET installer class, which can be
    instantiated by the Windows Installer (if you are using .msi deployment) or
    by the InstallUtil.exe system utility.

    If you are unable to create event sources at installation time, and you are
    in deployment, the administrator should manually create new event source
    entry beneath the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>

    Note:
    You should not grant write permission to the ASP.NET process account (or
    any impersonated account if your application uses impersonation) on the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ registry
    key. If you allow write access to this key and the account is compromised,
    the attacker can modify any log-related setting, including access control
    to the log, for any log on the system.


    As you can see, creating event source at HKLM will certainly requires
    administrative privilege.

    2. Also you need to manually set the EventMessageFile for your event source:

    http://groups.google.com/group/microsoft.public.dotnet.general/browse_frm/th
    read/1ad0881c8871578e/



    Regards,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Walter Wang [MSFT], Nov 16, 2006
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?VG9tIFdpbmdlcnQ=?=

    My.Log.Writeexception not writing to Application Event Log.

    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=, Jan 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,348
    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=
    Jan 20, 2006
  2. Craig Hurcum
    Replies:
    1
    Views:
    324
    John Harrison
    Aug 12, 2003
  3. Nam
    Replies:
    3
    Views:
    476
  4. Nam
    Replies:
    3
    Views:
    254
  5. Tom Wingert
    Replies:
    0
    Views:
    317
    Tom Wingert
    Jan 12, 2006
Loading...

Share This Page