Event Log Write access under ASP.NET

"Jeremy Lew" <js***@hotmail.com> wrote in message news:OJzj$8nRFHA.1096@tk2msftngp13.phx.gbl:

I'm trying to write to the Windows event log from an ASP.NET application which is impersonating a local user (through p/invoke LogonUser and .NET impersonation). Although the user I am impersonating can write successfully when interactively logged on, I get an Access Denied result from the interop call to advapi32's RegisterEventSource when impersonating this same user under ASP.NET. If I make said user member of Administrators, it works, but I have not been able to figure out what permission or privilege is necessary for the non-admin to function in this scenario.

Anyone have a guess as to why this may be or what permissions to try?

Thanks,
Jeremy


"Jeremy Lew" <js***@hotmail.com> wrote in message news:uiJcw%23nRFHA.3944@TK2MSFTNGP10.phx.gbl:

Further clarification: The event source has already been created, I am trying to write to a source I know exists.


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:ezLMoFoRFHA.3496@TK2MSFTNGP12.phx.gbl:

What is the name of the event log under which the source is registered?


"Jeremy Lew" <js***@hotmail.com> wrote in message news:%23ZYijJoRFHA.1096@tk2msftngp13.phx.gbl:

It's the Application log.


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote:

What code are you using for the failed logging operation?


"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> wrote in message news:288435632497012335810912@news.microsoft.com:

Hello Jeremy,

is it Windows 2003?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com


"Jeremy Lew" <js***@hotmail.com> wrote:

Dominick, yes it is 2003, although I need to make it work on 2000 Server eventually too.

To answer Nicole's question, the call which is failing is:
EventLog.WriteEntry("Some Message","MyEventSouce")

I have disassembled WriteEntry, and I'm fairly sure what is actually failing is the internal P/INVOKE call to the advapi32 RegisterEventSource function. The managed code constructs a Win32Exception from this. In other words, this is not really a .NET problem, it's a Win32 security problem.

Jeremy


"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> wrote in message news:291692632497616544227040@news.microsoft.com:

Hello Jeremy,

in w2k3 you can set ACLs on Event Logs - this is done by using an SDDL (Security Descriptor Description Language). The default for the Application Log is

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

(nice, eh?)

found under:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD

this basically means service accounts/admins have read/write - no one else

you can find more info on SDDL via
http://msdn.microsoft.com/library/en-us/security/security/security_descriptor_string_format.asp

and more info on how to change those settings:
http://msdn.microsoft.com/library/en-us/dncode/html/secure06122003.asp

HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:OYgUnwyRFHA.3712@TK2MSFTNGP10.phx.gbl:

> this basically means service accounts/admins have read/write - no one else

Also the interactive logon user, which was probably the main cause of troubleshooting difficulty in this particular scenario. (Or at least it was for me. <g>)


"Jeremy Lew" <js***@hotmail.com> wrote:

Yes, this was the answer. I had to add an "A;;0x0002;;;AU" to grant write to authenticated users. Thanks for the tip!
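The default CustomSD string Dominick quotes and the ACE Jeremy appended can be checked offline before touching the registry. The following Python is an added example, not code from the thread or from any of its participants: it decodes the DACL of the event log descriptor into (type, rights, SID) entries, and runs a simplified version of the Windows DACL evaluation (ACEs in order, a matching deny on a still-unsatisfied bit fails the check; owner rights, privileges and generic-right mapping are ignored) to show why an interactive logon (token with AU and IU) can write while a LogonUser-impersonated token carrying only AU cannot, and that appending `(A;;0x0002;;;AU)` grants write without granting clear. The event log right bits (read 0x1, write 0x2, clear 0x4) are the ELF_LOGFILE_* constants from winnt.h; the two token SID sets are constructed for the demonstration, since which SIDs a token actually carries depends on the logon type used.

```python
import re

# Event log access-right bits from winnt.h (ELF_LOGFILE_READ / WRITE / CLEAR).
ELF_LOGFILE_READ = 0x0001
ELF_LOGFILE_WRITE = 0x0002
ELF_LOGFILE_CLEAR = 0x0004

# Well-known SDDL SID abbreviations that appear in the default descriptor.
SID_NAMES = {
    "AN": "Anonymous", "BG": "Builtin Guests", "SY": "Local System",
    "BA": "Builtin Administrators", "SO": "Server Operators",
    "IU": "Interactive logon users", "SU": "Service logon users",
    "S-1-5-3": "Batch logon users", "AU": "Authenticated Users",
}

# Default Application log CustomSD as quoted in the thread (line-wrap spaces removed).
DEFAULT_APPLICATION_SD = (
    "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)"
    "(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)"
)

_DACL_RE = re.compile(r"D:[A-Z]*((?:\([^)]*\))+)")   # "D:" + optional flags + ACE list
_ACE_RE = re.compile(r"\(([^)]*)\)")


def parse_dacl(sddl):
    """Return the DACL as a list of (ace_type, access_mask, sid) in ACE order.

    Only the hexadecimal access-mask form used by event log descriptors is
    handled; the letter-code form (e.g. GA, FA) raises ValueError.
    """
    match = _DACL_RE.search(sddl)
    if not match:
        raise ValueError("no DACL (D:) section in SDDL string")
    aces = []
    for body in _ACE_RE.findall(match.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields
        if not rights.lower().startswith("0x"):
            raise ValueError("only hex access masks are supported: " + rights)
        aces.append((ace_type, int(rights, 16), sid))
    return aces


def describe(sddl):
    """Human-readable view of who may read/write/clear the log, one line per ACE."""
    bit_names = {ELF_LOGFILE_READ: "read", ELF_LOGFILE_WRITE: "write", ELF_LOGFILE_CLEAR: "clear"}
    lines = []
    for ace_type, mask, sid in parse_dacl(sddl):
        rights = ",".join(name for bit, name in bit_names.items() if mask & bit) or "none"
        verb = "allow" if ace_type == "A" else "deny"
        lines.append("%-5s %-24s %s" % (verb, SID_NAMES.get(sid, sid), rights))
    return "\n".join(lines)


def access_check(sddl, token_sids, desired):
    """Simplified DACL evaluation: walk ACEs in order; a matching deny ACE that
    overlaps any still-unsatisfied bit fails the check, matching allow ACEs
    satisfy bits. Owner rights, privileges and generic-right mapping are ignored."""
    remaining = desired
    for ace_type, mask, sid in parse_dacl(sddl):
        if sid not in token_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return remaining == 0


def grant_write(sddl, sid="AU"):
    """Append the ACE the thread ends up adding: write-only access for the given SID."""
    return sddl + "(A;;0x0002;;;%s)" % sid


if __name__ == "__main__":
    print(describe(DEFAULT_APPLICATION_SD))
    # Constructed tokens: an interactive logon carries AU and IU; the impersonated
    # token in the thread evidently lacks IU, which is the point Nicole raises.
    interactive = {"AU", "IU"}
    impersonated = {"AU"}
    print("interactive can write:", access_check(DEFAULT_APPLICATION_SD, interactive, ELF_LOGFILE_WRITE))
    print("impersonated can write:", access_check(DEFAULT_APPLICATION_SD, impersonated, ELF_LOGFILE_WRITE))
    fixed = grant_write(DEFAULT_APPLICATION_SD)
    print("after fix, impersonated can write:", access_check(fixed, impersonated, ELF_LOGFILE_WRITE))
    print("after fix, impersonated can clear:", access_check(fixed, impersonated, ELF_LOGFILE_CLEAR))
```

The decoded listing makes Nicole's correction visible at a glance: IU (interactive logon users) already holds read/write in the default descriptor, while no ACE mentions AU, so the same account behaves differently depending on how its token was obtained. Appending the write-only ACE at the end of the string keeps the two deny ACEs for Anonymous and Guests ahead of it, so those principals are still refused, and it grants write (0x2) without read or clear. The string produced by `grant_write` is what would be written to the CustomSD value Dominick names.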