by Brad
6. March 2008 11:44
If you want to write to the Server's Event log from ASP.NET you'll first need to tweak some security settings. The first change is easy, however the second took me a while to find.
Step One:
Grant "Full Control" to the "IIS_WPG" group to the following registry key:
HKLM\SYSTEM\CurrentControlSet\Services\EventLog
Step Two:
One of the security restrictions added to IIS 6 under Windows Server 2003 was much tighter ACLs (Access Control Lists) on the event logs. This restricts what accounts can read and write to the logs (application, system & security). To overcome this you'll need to add the following value. Incase you're worried what security hole I'm opening up for you there's a breakdown of what it means at the end of the post.
Add the above value to the end of the existing "CustomSD" value found at following path (pick relevant one):
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security
So mine went from:
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)
to: (scroll to all the way to the right to see the change in bold):
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x0002;;;AU)
The value being added is written in Security Descriptor Definition Language (SDDL) and is as follows:
- A = Access allowed.
- ;; = token delimiter (don't know why there's two of them?)
- 0x0002 = Permission to write log files.
- ;;; = token delimiter (again - don't know why there's three of them?)
- AU = Authenticated Users.
Subscribe