Professional Web Applications Themes

App can't write to EventLog on Windows Server 2003 - ASP.NET Security

I have an app that writes to a custom event log (which is created at install time with a custom installer DLL). My app writes just fine to this custom log when running on Windows 2000 Server but when I try to run it on Windows 2003 Server I get "Access denied" errors. I'm using impersonation in my app and if I log in with a user account that is in the "Domain Admins" groups it will work on 2003 as well. What permissions do I need to modify to allow "Domain Users" to be able to write to the ...

  1. #1

    Default App can't write to EventLog on Windows Server 2003

    I have an app that writes to a custom event log (which is
    created at install time with a custom installer DLL). My app
    writes just fine to this custom log when running on Windows
    2000 Server but when I try to run it on Windows 2003 Server I
    get "Access denied" errors.

    I'm using impersonation in my app and if I log in with a
    user account that is in the "Domain Admins" groups it will
    work on 2003 as well.

    What permissions do I need to modify to allow "Domain Users"
    to be able to write to the EventLog from ASP.NET? Adding all
    users to the "Domain Admins" group is not an option.

    THanks...Scott

    p.s. I tried changing my app to write to the Application log
    rather than a custom log but the problem still occurs.
    Scott Zabolotzky Guest

  2. #2

    Default RE: App can't write to EventLog on Windows Server 2003

    Scott,

    You don't really need to alter any permissions. You just need to create
    the event source. The location for that is:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog

    In there, you will have one key for Application, one for Security, and one
    for System. If you are writing to an event source of "MyApp" in the
    Application log, you would need to create a new key under Application
    called MyApp. Once you do that, the application should work fine.

    Jim Cheshire, MCSE, MCSD [MSFT]
    ASP.NET
    Developer Support
    [email]jamescheonline.microsoft.com[/email]

    This post is provided "AS-IS" with no warranties and confers no rights.

    --------------------
    >From: Scott Zabolotzky <zabolotsripco.com>
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Subject: App can't write to EventLog on Windows Server 2003
    >Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >Organization: Ripco Communications Inc.
    >Lines: 18
    >Message-ID: <c5oq1b$bcv$1e250.ripco.com>
    >NNTP-Posting-Host: shell2.ripco.com
    >X-Trace: e250.ripco.com 1082125163 11679 209.100.225.144 (16 Apr 2004
    14:19:23 GMT)
    >X-Complaints-To: [email]usenetripco.com[/email]
    >NNTP-Posting-Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >User-Agent: nn/6.6.5
    >Path:
    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed 00.sul.t-online.de!t-onlin
    e.de!news-lei1.dfn.de!news-fra1.dfn.de!news2.telebyte.nl!border1.nntp.ash.gi
    ganews.com!nntp.giganews.com!newshosting.com!nx01. iad01.newshosting.com!news
    -feed01.roc.ny.frontiernet.net!nntp.frontiernet.net !tdsnet-transit!newspeer.
    tds.net!gail.ripco.com!zabolots
    >Xref: cpmsftngxa06.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security: 9658
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >I have an app that writes to a custom event log (which is
    >created at install time with a custom installer DLL). My app
    >writes just fine to this custom log when running on Windows
    >2000 Server but when I try to run it on Windows 2003 Server I
    >get "Access denied" errors.
    >
    >I'm using impersonation in my app and if I log in with a
    >user account that is in the "Domain Admins" groups it will
    >work on 2003 as well.
    >
    >What permissions do I need to modify to allow "Domain Users"
    >to be able to write to the EventLog from ASP.NET? Adding all
    >users to the "Domain Admins" group is not an option.
    >
    >THanks...Scott
    >
    >p.s. I tried changing my app to write to the Application log
    >rather than a custom log but the problem still occurs.
    >
    Jim Cheshire [MSFT] Guest

  3. #3

    Default Re: App can't write to EventLog on Windows Server 2003

    I'm sorry but I guess I should have worded my original message
    a little better. When I said:

    "I have an app that writes to a custom event log (which is
    created at install time with a custom installer DLL)."

    I meant that the event source is created with a call to
    CreateEventSource("MySource","MyLog") during my installation
    process. The event source is definitely created because if I
    run the app as an admin I can write entries to MyLog just fine.
    It's definitely appears to be some sort of permissions problem.

    Any help you can provide would be greatly appreciated.

    Scott

    [email]jamescheonline.microsoft.com[/email] (Jim Cheshire [MSFT]) writes:
    >You don't really need to alter any permissions. You just need to create
    >the event source. The location for that is:
    >HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\Eventlog
    >In there, you will have one key for Application, one for Security, and one
    >for System. If you are writing to an event source of "MyApp" in the
    >Application log, you would need to create a new key under Application
    >called MyApp. Once you do that, the application should work fine.
    >Jim Cheshire, MCSE, MCSD [MSFT]
    >ASP.NET
    >Developer Support
    >jamescheonline.microsoft.com
    >This post is provided "AS-IS" with no warranties and confers no rights.
    >--------------------
    >>From: Scott Zabolotzky <zabolotsripco.com>
    >>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >>Subject: App can't write to EventLog on Windows Server 2003
    >>Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >>Organization: Ripco Communications Inc.
    >>Lines: 18
    >>Message-ID: <c5oq1b$bcv$1e250.ripco.com>
    >>NNTP-Posting-Host: shell2.ripco.com
    >>X-Trace: e250.ripco.com 1082125163 11679 209.100.225.144 (16 Apr 2004
    >14:19:23 GMT)
    >>X-Complaints-To: [email]usenetripco.com[/email]
    >>NNTP-Posting-Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >>User-Agent: nn/6.6.5
    >>Path:
    >cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfee d00.sul.t-online.de!t-onlin
    >e.de!news-lei1.dfn.de!news-fra1.dfn.de!news2.telebyte.nl!border1.nntp.ash.gi
    >ganews.com!nntp.giganews.com!newshosting.com!nx01 .iad01.newshosting.com!news
    >-feed01.roc.ny.frontiernet.net!nntp.frontiernet.net !tdsnet-transit!newspeer.
    >tds.net!gail.ripco.com!zabolots
    >>Xref: cpmsftngxa06.phx.gbl
    >microsoft.public.dotnet.framework.aspnet.security :9658
    >>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >>
    >>I have an app that writes to a custom event log (which is
    >>created at install time with a custom installer DLL). My app
    >>writes just fine to this custom log when running on Windows
    >>2000 Server but when I try to run it on Windows 2003 Server I
    >>get "Access denied" errors.
    >>
    >>I'm using impersonation in my app and if I log in with a
    >>user account that is in the "Domain Admins" groups it will
    >>work on 2003 as well.
    >>
    >>What permissions do I need to modify to allow "Domain Users"
    >>to be able to write to the EventLog from ASP.NET? Adding all
    >>users to the "Domain Admins" group is not an option.
    >>
    >>THanks...Scott
    >>
    >>p.s. I tried changing my app to write to the Application log
    >>rather than a custom log but the problem still occurs.
    >>
    Scott Zabolotzky Guest

  4. #4

    Default RE: App can't write to EventLog on Windows Server 2003

    Here's a link to a kb article explaining how to grant rights to the event logs
    [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;323076[/url]
    Troy Hall Guest

  5. #5

    Default Re: App can't write to EventLog on Windows Server 2003

    Hi Scott,

    Thanks for your courtesy and decency.

    If the event source has been successfully created, the post below to 323076
    is likely the issue. Note that this is a new feature of Windows Server
    2003.

    Jim Cheshire, MCSE, MCSD [MSFT]
    ASP.NET
    Developer Support
    [email]jamescheonline.microsoft.com[/email]

    This post is provided "AS-IS" with no warranties and confers no rights.

    --------------------
    >From: Scott Zabolotzky <zabolotsripco.com>
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Subject: Re: App can't write to EventLog on Windows Server 2003
    >Date: Fri, 16 Apr 2004 18:47:00 +0000 (UTC)
    >Organization: Ripco Communications Inc.
    >Lines: 79
    >Message-ID: <c5p9n4$3mq$1e250.ripco.com>
    >References: <c5oq1b$bcv$1e250.ripco.com>
    <UPcM#z8IEHA.2948cpmsftngxa06.phx.gbl>
    >NNTP-Posting-Host: shell2.ripco.com
    >X-Trace: e250.ripco.com 1082141220 3802 209.100.225.144 (16 Apr 2004
    18:47:00 GMT)
    >X-Complaints-To: [email]usenetripco.com[/email]
    >NNTP-Posting-Date: Fri, 16 Apr 2004 18:47:00 +0000 (UTC)
    >User-Agent: nn/6.6.5
    >Path:
    cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFT NGP08.phx.gbl!newsfeed00.s
    ul.t-online.de!t-online.de!border2.nntp.ash.giganews.com!nntp.gigan ews.com!e
    lnk-atl-nf1!newsfeed.earthlink.net!bigfeed2.bellsouth.net! bigfeed.bellsouth.
    net!news.bellsouth.net!cox.net!news-xfer.cox.net!gail.ripco.com!zabolots
    >Xref: cpmsftngxa10.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security: 9637
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >I'm sorry but I guess I should have worded my original message
    >a little better. When I said:
    >
    >"I have an app that writes to a custom event log (which is
    >created at install time with a custom installer DLL)."
    >
    >I meant that the event source is created with a call to
    >CreateEventSource("MySource","MyLog") during my installation
    >process. The event source is definitely created because if I
    >run the app as an admin I can write entries to MyLog just fine.
    >It's definitely appears to be some sort of permissions problem.
    >
    >Any help you can provide would be greatly appreciated.
    >
    >Scott
    >
    >jamescheonline.microsoft.com (Jim Cheshire [MSFT]) writes:
    >
    >>You don't really need to alter any permissions. You just need to create
    >>the event source. The location for that is:
    >
    >>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\Eventlog
    >
    >>In there, you will have one key for Application, one for Security, and
    one
    >>for System. If you are writing to an event source of "MyApp" in the
    >>Application log, you would need to create a new key under Application
    >>called MyApp. Once you do that, the application should work fine.
    >
    >>Jim Cheshire, MCSE, MCSD [MSFT]
    >>ASP.NET
    >>Developer Support
    >>jamescheonline.microsoft.com
    >
    >>This post is provided "AS-IS" with no warranties and confers no rights.
    >
    >>--------------------
    >>>From: Scott Zabolotzky <zabolotsripco.com>
    >>>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >>>Subject: App can't write to EventLog on Windows Server 2003
    >>>Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >>>Organization: Ripco Communications Inc.
    >>>Lines: 18
    >>>Message-ID: <c5oq1b$bcv$1e250.ripco.com>
    >>>NNTP-Posting-Host: shell2.ripco.com
    >>>X-Trace: e250.ripco.com 1082125163 11679 209.100.225.144 (16 Apr 2004
    >>14:19:23 GMT)
    >>>X-Complaints-To: [email]usenetripco.com[/email]
    >>>NNTP-Posting-Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >>>User-Agent: nn/6.6.5
    >>>Path:
    >>cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfe ed00.sul.t-online.de!t-onl
    in
    >>e.de!news-lei1.dfn.de!news-fra1.dfn.de!news2.telebyte.nl!border1.nntp.ash.
    gi
    >>ganews.com!nntp.giganews.com!newshosting.com!nx0 1.iad01.newshosting.com!ne
    ws
    >>-feed01.roc.ny.frontiernet.net!nntp.frontiernet.net !tdsnet-transit!newspee
    r.
    >>tds.net!gail.ripco.com!zabolots
    >>>Xref: cpmsftngxa06.phx.gbl
    >>microsoft.public.dotnet.framework.aspnet.securit y:9658
    >>>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >>>
    >>>I have an app that writes to a custom event log (which is
    >>>created at install time with a custom installer DLL). My app
    >>>writes just fine to this custom log when running on Windows
    >>>2000 Server but when I try to run it on Windows 2003 Server I
    >>>get "Access denied" errors.
    >>>
    >>>I'm using impersonation in my app and if I log in with a
    >>>user account that is in the "Domain Admins" groups it will
    >>>work on 2003 as well.
    >>>
    >>>What permissions do I need to modify to allow "Domain Users"
    >>>to be able to write to the EventLog from ASP.NET? Adding all
    >>>users to the "Domain Admins" group is not an option.
    >>>
    >>>THanks...Scott
    >>>
    >>>p.s. I tried changing my app to write to the Application log
    >>>rather than a custom log but the problem still occurs.
    >>>
    >
    >
    Jim Cheshire [MSFT] Guest

  6. #6

    Default Re: App can't write to EventLog on Windows Server 2003

    Thanks for the pointer Jim. It looks like the article at

    [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;323076[/url]

    will probably help. I just have to learn SDDL. Too bad it
    couldn't be something simple!

    Scott

    [email]jamescheonline.microsoft.com[/email] (Jim Cheshire [MSFT]) writes:
    >If the event source has been successfully created, the post below to 323076
    >is likely the issue. Note that this is a new feature of Windows Server
    >2003.
    >--------------------
    >>From: Scott Zabolotzky <zabolotsripco.com>
    >>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >>Subject: Re: App can't write to EventLog on Windows Server 2003
    >>Date: Fri, 16 Apr 2004 18:47:00 +0000 (UTC)
    >>
    >>I'm sorry but I guess I should have worded my original message
    >>a little better. When I said:
    >>
    >>"I have an app that writes to a custom event log (which is
    >>created at install time with a custom installer DLL)."
    >>
    >>I meant that the event source is created with a call to
    >>CreateEventSource("MySource","MyLog") during my installation
    >>process. The event source is definitely created because if I
    >>run the app as an admin I can write entries to MyLog just fine.
    >>It's definitely appears to be some sort of permissions problem.
    >>
    >>Any help you can provide would be greatly appreciated.
    >>
    >>Scott
    >>
    >>jamescheonline.microsoft.com (Jim Cheshire [MSFT]) writes:
    >>
    >>>You don't really need to alter any permissions. You just need to create
    >>>the event source. The location for that is:
    >>
    >>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\Eventlog
    >>
    >>>In there, you will have one key for Application, one for Security, and
    >one
    >>>for System. If you are writing to an event source of "MyApp" in the
    >>>Application log, you would need to create a new key under Application
    >>>called MyApp. Once you do that, the application should work fine.
    >>>--------------------
    >>>>From: Scott Zabolotzky <zabolotsripco.com>
    >>>>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >>>>Subject: App can't write to EventLog on Windows Server 2003
    >>>>Date: Fri, 16 Apr 2004 14:19:23 +0000 (UTC)
    >>>>
    >>>>I have an app that writes to a custom event log (which is
    >>>>created at install time with a custom installer DLL). My app
    >>>>writes just fine to this custom log when running on Windows
    >>>>2000 Server but when I try to run it on Windows 2003 Server I
    >>>>get "Access denied" errors.
    >>>>
    >>>>I'm using impersonation in my app and if I log in with a
    >>>>user account that is in the "Domain Admins" groups it will
    >>>>work on 2003 as well.
    >>>>
    >>>>What permissions do I need to modify to allow "Domain Users"
    >>>>to be able to write to the EventLog from ASP.NET? Adding all
    >>>>users to the "Domain Admins" group is not an option.
    >>>>
    >>>>THanks...Scott
    >>>>
    >>>>p.s. I tried changing my app to write to the Application log
    >>>>rather than a custom log but the problem still occurs.
    >>>>
    >>
    >>
    Scott Zabolotzky Guest

Similar Threads

  1. Windows 2000 Server/Windows Server 2003 Dual Boot
    By Bill Emery in forum Windows Server
    Replies: 1
    Last Post: June 28th, 01:40 PM
  2. Error trying to write to the Application Log on a Windows 2003 server
    By Andy Mortimer [MS] in forum ASP.NET Security
    Replies: 1
    Last Post: February 25th, 02:31 PM
  3. Replies: 6
    Last Post: January 6th, 06:10 PM
  4. Replies: 2
    Last Post: October 2nd, 06:49 PM
  5. Write permissions for ASPNET user on Windows 2003
    By Jose Lopes Moreira in forum ASP.NET General
    Replies: 0
    Last Post: July 18th, 03:01 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139