Menu
We're currently trying to integrate existing classic ASP pages into our new method of logging to the event log. We're achieving this by calling a .NET assembly exposed as a COM object which does the actual logging to event log. This all works correctly, however when we try to write to the event log we get an error "Cannot open log for source 'SourceName'. You may not have write access.". The logging code itself works when calling from an aspx page. This obviosuly appears to be a permissions problem with the IUSR_machinename account, however, from looking into a number of other related posts we've tried a number of solutions without any success.
The only success we have had is when using ASP.NET impersonation to use a newly created local admin account on the server. With this user it works, however, this is a workaround rather than solving the initial permissions problem. Is there anything else that we can try to get the permissions working with the IUSR_machinename account?
951
Navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog > Security, right-click and select "Permissions..." Click "Add...", find the account running Secret Server, then click OK. Check Read in the Allow column, then click OK to apply the permission.
Event logging provides a standard, centralized way for applications (and the operating system) to record important software and hardware events. The event logging service records events from various sources and stores them in a single collection called an event log.
Got this solved by setting the impersonate tag in web.config to false:
<identity impersonate="false"/>
We managed to solve this problem in the end by giving guest users access to the event log. You can carry this out by adding (A;;0xf0002;;;BG) to the customSD or replacing (D;;0xf0007;;;BG) if it is present. Then by setting RestrictGuestAccess to 0.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
