• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2363
  • Last Modified:

Got security exception error. What permission is needed to write/create windows event log?

Hi, I'm using vs2012.
i'm getting the following error when my code try to create new event log and event source.  I then added impersonation code, stepping through it is impersonating successfully.  the impersonated account is added to the local Administrator group of the server but still I would get security error.  What other permission still needed?  Thank you.
Both code below would give security error
            //if ((!EventLog.Exists(sLog)) || (!EventLog.SourceExists(sSource)))
            //    EventLog.CreateEventSource(sSource, sLog);

            if (!EventLog.SourceExists(sSource))
                EventLog.CreateEventSource(sSource, sLog);

ecurity Exception
  Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

 Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.

Source Error:

 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:

[SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.]
   System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate) +806
   System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate) +315
   System.Diagnostics.EventLog.SourceExists(String source) +22
   XXXXXXXXXXXXXXXXXXXXXXX.ErrLog.LogIt(String msg) +143
   XXXXXXXXXXXXXXXXXXXXXXX._Default.GetUsersToSession() +2444
   System.Web.UI.Control.LoadRecursive() +71
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12347355
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12346873
   System.Web.UI.Page.ProcessRequest() +119
   System.Web.UI.Page.ProcessRequest(HttpContext context) +99
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
1 Solution
This is because NetworkService does not have read and\or write permissions to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security key in the registry.

Other than explicitly defining the permissions, the recommendation is to add a key entry for your application (by Name) to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application key.

Example for an application named MyApplication:
Windows Registry Editor Version 5.00


Open in new window

lapuccaAuthor Commented:
That's why I use impersonation code from here, http://metah.ch/blog/2010/10/impersonation-with-c-2/?utm_expid=93095202-0.j6F45lYdRJalUdpcxFnTAA.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F 

before I write to the event log.  The user impersonate is added to the local server's Administrator's group.  Wouldn't that be enough?  I know it's not because it's getting security error but that doesn't make sense if I'm impersonating a user account that is part of Administrators group

          ImpersonateManager.ImpersonateUser("domain-name", ConfigurationManager.AppSettings.Get("admin"), ConfigurationManager.AppSettings.Get("password"));
            var curUser = WindowsIdentity.GetCurrent().Name;

                  sSource = "XXXXXXXXX";
                  sLog = "XXXXXXXXX";
                  sEvent = "XXXXXXXXXXXX Exception Error";

            //if ((!EventLog.Exists(sLog)) || (!EventLog.SourceExists(sSource)))
            //    EventLog.CreateEventSource(sSource, sLog);

            if (!EventLog.SourceExists(sSource))
                EventLog.CreateEventSource(sSource, sLog);

                  EventLog.WriteEntry(sSource,msg, EventLogEntryType.Error);


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now