Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
289 views
in Technique[技术] by (71.8m points)

c# - EventLog write permissions

My question is related to write permissions to the Windows Event Log. I have looked around several posts concering this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.

I use C# in .NET 4.0. I use the EventLog class: EventLog class

In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.

My application is a Windows Service running with one of the following accounts:

  • Network Service
  • Local Service
  • Local System
  • User with restricted rights (Users or Domain Users groups)

Here are some other criterias I have:

  • I cannot put the service user as Administrator, not even local administrator on the server
  • I cannot edit or alter the registry
  • I cannot alter the UAC or any group policies on the server
  • I have a user with Administrator rights, but it cannot be used to run the service
  • The Event Log will always be the local Event Log, not on a remote machine
  • The Log will probably always be the "Application" log
  • The Source may vary, and that seems to be the heart of the problem

My question is : Is this at all possible?

Can I impersonate a user in my code to achieve what I need? I do that when connecting to web services, logging on to smtp servers and of courseclogging in to databases etc.

I stumbled into this class: EventLogPermission Class

But I cannot seem to get a good concept on how to use the class.

I hope I have expressed my problem good. I don't concider this a duplicate of another post because of my criterias.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

By default, any authenticated user is able to write to application event log. However only administrators can create new event Sources. If all event Sources are known at the service installation time, I recommend register those sources ahead of time, then you will be all set up. Registering is a simple call to EventLog.CreateEventSource.

If you need more flexibility on event sources, you can customize permissions. Those defaults could be customized by tweaking a registry key:

  HKEY_LOCAL_MACHINESystemCurrentControlSetServicesEventlogApplicationCustomSD

A process described in this KB Article. A wevtutil tool, which is part of OS, available on Server 2008 and above, makes it a bit easier than going through regedit.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...