Permissions on Event Log?

What's the deal here MS?

Has Issues in Win2003, only way to allow is a Regedit hack or Installer class? What kind of BS is this?
So what every time I install to Win2003 I need to add X number of Application Sources to the Event log system?

What if the Log is Full?

So what we do our own file log? Then Admin can't check them as easily...

How about a real solution...

Schneider

I did find some new info:
http://msdn2.microsoft.com/en-us/library/5zbwd3s3.aspx
Basically allows you to register a source during runtime. Have not tried it yet myself.

Schneider

"schneider" <eschnei***@starkinvestments.cem> wrote in message news:%23R6U$iIGHHA.3952@TK2MSFTNGP02.phx.gbl...
> What's the deal here MS?
>
> Has Issues in Win2003, only way to allow is a Regedit hack or Installer
> class? What kind of BS is this?
> So what every time I install to Win2003 I need to add X number of
> Application Sources to the Event log system?
>
> What if the Log is Full?
>
> So what we do our own file log? Then Admin can't check them as easily...
>
> How about a real solution...
>
> Schneider

You can only register event source when you have administrative privileges.
Build a small app that pre-creates the event sources at deployment time (with admin privileges) - afterwards you can use them from normal-user processes.

-----
Dominick Baier (http://www.leastprivilege.com)

> I did find some new info:
> http://msdn2.microsoft.com/en-us/library/5zbwd3s3.aspx
> Basically allows you to register a source during runtime. Have not tried
> it yet myself.
>
> Schneider

Yes.
I don't agree with that requirement.
So now I need two installs if I'm not admin, just so I can have an event log?
I can create my own log file without admin privileges.
Windows should be able to provide some basic log file needs. When a user installs an app. they are already trusting the application. The Event log can be viewed remotely from windows admins, by making it difficult to use they are making it harder for IT to manage apps through a known/common interface.

Schneider

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in message news:51eb30483a388c8eb68b4e3e110@news.microsoft.com...
> You can only register event source when you have administrative
> privileges.
> Build a small app that pre-creates the event sources at deployment time
> (with admin privileges) - afterwards you can use them from normal-user
> processes.
>
> -----
> Dominick Baier (http://www.leastprivilege.com)

When a non-admin user installs an application, there are plenty of things
that the installer should not be allowed to do, regardless of how much that user might happen to trust the application. If your application requires creation of an event log, then it should be installed by an administrator. This is not an uncommon requirement, and I'm a little puzzled as to why it seems to pose a problem for you.

"schneider" <eschnei***@starkinvestments.cem> wrote in message news:e9oN1PgHHHA.5104@TK2MSFTNGP03.phx.gbl...
> Yes.
> I don't agree with that requirement.
> So now I need two installs if I'm not admin, just so I can have an event
> log?
> I can create my own log file without admin privileges.
> Windows should be able to provide some basic log file needs. When a user
> installs an app. they are already trusting the application. The Event log
> can be viewed remotely from windows admins, by making it difficult to use
> they are making it harder for IT to manage apps through a known/common
> interface.
>
> Schneider

I can deal with it. I can do a lot worse things as non-admin app.
I don't see why it's a problem to log events.

What are the risks? I can create my own log file?
Space usage? Can be addressed.
You could have an admin install, but then the user may need to log off the machine. In a corp. environment this is a pain. If you give the users admin rights they install everything from spyware to porn.

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OdaBcdgHHHA.3676@TK2MSFTNGP03.phx.gbl...
> When a non-admin user installs an application, there are plenty of things
> that the installer should not be allowed to do, regardless of how much
> that user might happen to trust the application. If your application
> requires creation of an event log, then it should be installed by an
> administrator. This is not an uncommon requirement, and I'm a little
> puzzled as to why it seems to pose a problem for you.

In a corp environment you would use a software distribution tool like SMS
or AD group policies - no need to logoff...

Adding an event source affects the whole system and not that single user - so you need admin privs. as always - and makes sense.

-----
Dominick Baier (http://www.leastprivilege.com)

> I can deal with it. I can do a lot worse things as non-admin app. I
> don't see why it's a problem to log events.
>
> What are the risks? I can create my own log file?
> Space usage? Can be addressed.
> You could have an admin install, but then the user may need to log off
> the machine. In a corp. environment this is a pain. If you give the
> users admin rights they install everything from spyware to porn.

Yes that may work, but why would a developer bother with all this trouble?
He can just create a custom log file, oops! now IT wants to check the log for errors, where was that file? and how do I view it?

That's my point...

And why does the event source need to affect the whole system?
If I create a custom log file and fill the entire hard drive that affects the whole system also...

Schneider

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in message news:51eb30483b818c8ec40a05e6e80@news.microsoft.com...
> In a corp environment you would use a software distribution tool like SMS
> or AD group policies - no need to logoff...
>
> Adding an event source affects the whole system and not that single user -
> so you need admin privs. as always - and makes sense.
>
> -----
> Dominick Baier (http://www.leastprivilege.com)

"schneider" <eschnei***@starkinvestments.cem> wrote in message news:eUPPsSjHHHA.2232@TK2MSFTNGP02.phx.gbl...
> Yes that may work, but why would a developer bother with all this trouble?

It's not the developer that should be setting up installation via SMS or an AD GPO, it's the enterprise's IT group. Most commercial software requires administrative installation, so most companies have usually found some fairly routine way to deal with these.

> He can just create a custom log file, oops! now IT wants to check the log
> for errors, where was that file? and how do I view it?
>
> That's my point...
>
> And why does the event source need to affect the whole system?
> If I create a custom log file and fill the entire hard drive that affects
> the whole system also...

It's not just a disk space issue. For example, if an event log that does not purge automatically fills up, it can cause important services to no longer run. Non-administrators should not be able to set up such an event log.

Again BS reason:
It's not just a disk space issue. For example, if an event log that does not purge automatically fills up, it can cause important services to no longer run. Non-administrators should not be able to set up such an event log.

Just make them AUTO PURGE! or better yet make the services better...

This is plain and simple: It's easier for MS to add security layers than just fix the bad design!

And you guys are full of it also...

Schneider

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:Os%23St9rHHHA.1468@TK2MSFTNGP04.phx.gbl...
> "schneider" <eschnei***@starkinvestments.cem> wrote in message
> news:eUPPsSjHHHA.2232@TK2MSFTNGP02.phx.gbl...
>> Yes that may work, but why would a developer bother with all this
>> trouble?
>
> It's not the developer that should be setting up installation via SMS or
> an AD GPO, it's the enterprise's IT group. Most commercial software
> requires administrative installation, so most companies have usually found
> some fairly routine way to deal with these.
>
>> He can just create a custom log file, oops! now IT wants to check the log
>> for errors, where was that file? and how do I view it?
>>
>> That's my point...
>>
>> And why does the event source need to affect the whole system?
>> If I create a custom log file and fill the entire hard drive that affects
>> the whole system also...
>
> It's not just a disk space issue. For example, if an event log that does
> not purge automatically fills up, it can cause important services to no
> longer run. Non-administrators should not be able to set up such an event
> log.

Agree with everything you say. I have not found a good way to ensure apps
can write to the event log and have often resorted to code that attempts to write to the event log and, if it fails, writes to a custom error log file. This is a complete pain for systems management. Rollout would be more complicated with an Admin installer and I can't see what the problem with non-admins writing event logs is anyway.

"schneider" <eschnei***@starkinvestments.cem> wrote in message news:e$kGxtuIHHA.420@TK2MSFTNGP06.phx.gbl...
> Again BS reason:
> It's not just a disk space issue. For example, if an event log that does
> not purge automatically fills up, it can cause important services to no
> longer run. Non-administrators should not be able to set up such an event
> log.
>
> Just make them AUTO PURGE! or better yet make the services better...
>
> This is plain and simple: It's easier for MS to add security layers than
> just fix the bad design!
>
> And you guys are full of it also...
>
> Schneider

Thanks, Andy
Beginning to wonder if anyone is listening...

It's not just an Admin Install but also some method to register the new source must be performed during the install.

Also this is only enforced in Win2003 Server right now and maybe XP Pro.

Either way seems no one at MS has a Clue and also many others.

Schneider

<Andy> wrote in message news:ueXftO1IHHA.780@TK2MSFTNGP03.phx.gbl...
> Agree with everything you say. I have not found a good way to ensure apps can write to the event log and have often resorted to code that attempts to write to the event log and, if it fails, writes to a custom error log file. This is a complete pain for systems management. Rollout would be more complicated with an Admin installer and I can't see what the problem with non-admins writing event logs is anyway.
>
> "schneider" <eschnei***@starkinvestments.cem> wrote in message news:e$kGxtuIHHA.420@TK2MSFTNGP06.phx.gbl...
>> Again BS reason:
>> It's not just a disk space issue. For example, if an event log that does not purge automatically fills up, it can cause important services to no longer run. Non-administrators should not be able to set up such an event log.
>>
>> Just make them AUTO PURGE! or better yet make the services better...
>>
>> This is plain and simple: It's easier for MS to add security layers than just fix the bad design!
>>
>> And you guys are full of it also...
>>
>> Schneider
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:Os%23St9rHHHA.1468@TK2MSFTNGP04.phx.gbl...
>>> "schneider" <eschnei***@starkinvestments.cem> wrote in message news:eUPPsSjHHHA.2232@TK2MSFTNGP02.phx.gbl...
>>>> Yes that may work, but why would a developer bother with all this trouble?
>>>
>>> It's not the developer that should be setting up installation via SMS or an AD GPO, it's the enterprise's IT group. Most commercial software requires administrative installation, so most companies have usually found some fairly routine way to deal with these.
>>>
>>>> He can just create a custom log file, oops! now IT wants to check the log for errors, where was that file? and how do I view it?
>>>>
>>>> That's my point...
>>>>
>>>> And why does the event source need to affect the whole system?
>>>> If I create a custom log file and fill the entire hard drive that affects the whole system also...
>>>
>>> It's not just a disk space issue. For example, if an event log that does not purge automatically fills up, it can cause important services to no longer run. Non-administrators should not be able to set up such an event log.
>>>
>>>> Schneider
>>>>
>>>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in message news:51eb30483b818c8ec40a05e6e80@news.microsoft.com...
>>>>> In a corp environment you would use a software distribution tool like SMS or AD group policies - no need to logoff...
>>>>>
>>>>> Adding an event source affects the whole system and not that single user - so you need admin privs. as always - and makes sense.
>>>>>
>>>>> -----
>>>>> Dominick Baier (http://www.leastprivilege.com)
>>>>>
>>>>>> I can deal with it. I can do a lot worse things as non-admin app. I don't see why it's a problem to log events.
>>>>>>
>>>>>> What are the risks? I can create my own log file?
>>>>>> Space usage? Can be addressed.
>>>>>> You could have an admin install, but then the user may need to log off the machine. In a corp. environment this is a pain. If you give the users admin rights they install everything from spyware to porn.
>>>>>>
>>>>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OdaBcdgHHHA.3676@TK2MSFTNGP03.phx.gbl...
>>>>>>
>>>>>>> When a non-admin user installs an application, there are plenty of things that the installer should not be allowed to do, regardless of how much that user might happen to trust the application. If your application requires creation of an event log, then it should be installed by an administrator. This is not an uncommon requirement, and I'm a little puzzled as to why it seems to pose a problem for you.
>>>>>>>
>>>>>>> "schneider" <eschnei***@starkinvestments.cem> wrote in message news:e9oN1PgHHHA.5104@TK2MSFTNGP03.phx.gbl...
>>>>>>>
>>>>>>>> Yes.
>>>>>>>> I don't agree with that requirement.
>>>>>>>> So now I need two installs if I'm not admin, just so I can have an event log?
>>>>>>>> I can create my own log file without admin privileges.
>>>>>>>> Windows should be able to provide some basic log file needs. When a user installs an app. they are already trusting the application. The Event log can be viewed remotely from windows admins, by making it difficult to use they are making it harder for IT to manage apps through a known/common interface.
>>>>>>>> Schneider
>>>>>>>>
>>>>>>>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in message news:51eb30483a388c8eb68b4e3e110@news.microsoft.com...
>>>>>>>>
>>>>>>>>> You can only register event source when you have administrative privileges.
>>>>>>>>> Build a small app that pre-creates the event sources at deployment time (with admin privileges) - afterwards you can use them from normal-user processes.
>>>>>>>>> -----
>>>>>>>>> Dominick Baier (http://www.leastprivilege.com)
>>>>>>>>>> I did find some new info:
>>>>>>>>>> http://msdn2.microsoft.com/en-us/library/5zbwd3s3.aspx
>>>>>>>>>> Basically allows you to register a source during runtime. Have not tried it yet myself.
>>>>>>>>>> Schneider
>>>>>>>>>>
>>>>>>>>>> "schneider" <eschnei***@starkinvestments.cem> wrote in message news:%23R6U$iIGHHA.3952@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>>
>>>>>>>>>>> What's the deal here MS?
>>>>>>>>>>>
>>>>>>>>>>> Has Issues in Win2003, only way to allow is a Regedit hack or Installer class? What kind of BS is this?
>>>>>>>>>>> So what every time I install to Win2003 I need to add X number of Application Sources to the Event log system?
>>>>>>>>>>> What if the Log is Full?
>>>>>>>>>>> So what we do our own file log? Then Admin can't check them as easily...
>>>>>>>>>>>
>>>>>>>>>>> How about a real solution...
>>>>>>>>>>>
>>>>>>>>>>> Schneider
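The deployment-time registration Dominick Baier describes, combined with the write-then-fall-back-to-a-file pattern Andy mentions, as an added C# example that is not code from any poster in this thread. It assumes .NET Framework on Windows; the source name `ContosoApp`, the `--register` switch and the fallback file location are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security;

static class AppLog
{
    // Hypothetical names chosen for this example.
    const string Source = "ContosoApp";
    const string LogName = "Application";

    // Deployment step: run once from an elevated installer or an SMS/GPO package.
    // Registering a source writes under HKLM, so it fails for a normal user.
    public static void RegisterSource()
    {
        if (!EventLog.SourceExists(Source))
            EventLog.CreateEventSource(Source, LogName);
    }

    // Runtime path: a normal-user process can write once the source is registered.
    public static void Write(string message, EventLogEntryType type)
    {
        try
        {
            EventLog.WriteEntry(Source, message, type);
        }
        catch (Exception ex) when (ex is SecurityException         // source missing, caller not admin
                                || ex is InvalidOperationException // source or registry problem
                                || ex is Win32Exception)           // for example, the log is full
        {
            // Fallback: per-user file the process can always create.
            string dir = Path.Combine(Environment.GetFolderPath(
                Environment.SpecialFolder.LocalApplicationData), Source);
            Directory.CreateDirectory(dir);
            File.AppendAllText(Path.Combine(dir, "fallback.log"),
                $"{DateTime.UtcNow:o} {type} {message} " +
                $"[event log unavailable: {ex.GetType().Name}]{Environment.NewLine}");
        }
    }

    static int Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "--register")
        {
            RegisterSource();   // throws SecurityException when not elevated
            return 0;
        }
        Write("Service started", EventLogEntryType.Information);
        return 0;
    }
}
```

Recording the exception type in the fallback line lets an administrator tell a missing source registration apart from a full log when reviewing the file.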