
Error when attempting to write to event log - Cannot open log for source 'SourceName'. You may not have write access

We're currently trying to integrate existing classic ASP pages into our new method of logging to the event log. We're achieving this by calling a .NET assembly exposed as a COM object which does the actual logging to the event log. This all works correctly, however when we try to write to the event log we get an error "Cannot open log for source 'SourceName'. You may not have write access.". The logging code itself works when calling from an aspx page. This obviously appears to be a permissions problem with the IUSR_machinename account, however, from looking into a number of other related posts we've tried a number of solutions without any success.

  • Editing HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/EventLog/Application/RestrictGuestAccess - setting this to 0
  • Adding IUSR_machinename to local admin groups and removing the guest group
  • Editing CustomSD and appending (A;;0x0002;;;AU) to the value here

The only success we have had is when using ASP.NET impersonation to use a newly created local admin account on the server. With this user it works, however, this is a workaround rather than solving the initial permissions problem. Is there anything else that we can try to get the permissions working with the IUSR_machinename account?

whudson05 asked Jul 21 '10 15:07




2 Answers

Got this solved by setting the impersonate tag in web.config to false:

<identity impersonate="false"/>
jcsilva87 answered Nov 15 '22 06:11


We managed to solve this problem in the end by giving guest users access to the event log. You can carry this out by adding (A;;0xf0002;;;BG) to the CustomSD or replacing (D;;0xf0007;;;BG) if it is present. Then set RestrictGuestAccess to 0.

whudson05 answered Nov 15 '22 05:11
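Added example, not part of either answer or of any Microsoft tooling: a small Python decoder for the CustomSD ACE strings quoted in this thread, which names the rights each mask carries and lists anything an allow ACE grants beyond event log write (0x0002). The `O:BAG:SYD:` prefix in the sample and the function names are assumptions made for illustration; the bit names are the documented event log and standard access rights.

```python
import re

# Event-log-specific rights (low bits) and standard rights (0x000f0000).
RIGHTS = {
    0x0001: "ELF_LOGFILE_READ",
    0x0002: "ELF_LOGFILE_WRITE",
    0x0004: "ELF_LOGFILE_CLEAR",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
}
SIDS = {"AU": "Authenticated Users", "BG": "Builtin Guests",
        "BA": "Builtin Administrators", "SY": "Local System"}
# (type;flags;rights;object_guid;inherit_guid;trustee); only hex masks are
# handled here, so ACEs written with symbolic rights are skipped.
ACE_RE = re.compile(r"\(([AD]);[^;]*;(0x[0-9a-fA-F]+);[^;]*;[^;]*;([^)]+)\)")

def names_for(mask):
    return [name for bit, name in RIGHTS.items() if mask & bit]

def parse_aces(sddl):
    """Return (type, trustee, mask, [right names]) for each allow/deny ACE."""
    aces = []
    for kind, rights, sid in ACE_RE.findall(sddl):
        mask = int(rights, 16)
        aces.append(("allow" if kind == "A" else "deny",
                     SIDS.get(sid, sid), mask, names_for(mask)))
    return aces

def excess_rights(sddl, needed=0x0002):
    """List allow ACEs granting more than `needed` (default: write only)."""
    findings = []
    for kind, trustee, mask, _ in parse_aces(sddl):
        extra = mask & ~needed
        if kind == "allow" and extra:
            findings.append((trustee, names_for(extra)))
    return findings

# Constructed sample: the three ACEs quoted in this thread behind an
# assumed owner/group prefix. Not read from a real registry.
SAMPLE = "O:BAG:SYD:(D;;0xf0007;;;BG)(A;;0x0002;;;AU)(A;;0xf0002;;;BG)"

if __name__ == "__main__":
    for ace in parse_aces(SAMPLE):
        print(ace)
    print("beyond write:", excess_rights(SAMPLE))
```

Against the sample, the only allow ACE reported is the Builtin Guests one: 0xf0002 carries DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER on top of write, whereas (A;;0x0002;;;BG) would carry write alone.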