0

My application is in C#.NET and it is deployed on different machines. Users of my application have normal access rights (no ADMIN rights). On a few systems I am getting System.Security.SecurityException. It says "System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security"

I did a few workarounds:

  1. On one machine I launched my app with admin rights. It worked fine, no issue.
  2. I added the user group in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security. It worked fine.

I don't want to go to every machine and do the above workarounds. I need a generic workaround that can be applied once on all machines. Any help?

Writing down a few lines of code. Config file:

<add key="E_Source" value="ABC" />

C# code:

public static readonly string E_Source = ConfigManager.GetString("E_Source");

EventLog.WriteEntry(E_Source, logtext, logtype);

Thanks in advance

Dhanuka
userUnknown
  • There are really only two fixes that I have found without requiring admin privileges. 1) Add a certificate to your application and make this certificate trusted on your domain. 2) Roll your own logger and abandon the Windows event log. I suppose there is an option 3) Create a special domain user account for logging only and execute logger code under the special user context – VoteCoffee May 25 '15 at 17:55
  • 1
    See my answer to https://stackoverflow.com/questions/8447948/log4net-eventlog-permissions-issue-using-non-administrator-account/8478672#8478672 – sgmoore May 25 '15 at 18:01
  • You only need elevated rights to create an event Source, not to write to it. So if your application has an installer, that must be run as administrator anyway, create the event source at that time. – Crowcoder May 25 '15 at 18:03
  • The problem is the missing event source. Workaround 1 works, because as admin, .NET simply creates the missing event source. Workaround 2 "works", in that you get no exception. However, nothing is logged, since the event source isn't there. – Daniel Rose May 25 '15 at 18:04
  • @sgmoore, Daniel Rose: Thanks for your reply. Let's say a user (with no admin rights) tries to install the package, will it create a new event source? – userUnknown May 25 '15 at 18:20
  • @Crowcoder I am not using any CreateEventSource function in my code. Where should I use it? – userUnknown May 25 '15 at 18:21
  • @tilak If you write to a Source that does not exist there will be an attempt to create it. But as you have learned, the user must have elevated privileges. So like I said, if you have an installer that is run by an admin then you could create the registry key or maybe run a PowerShell script to create the Source during installation. If this is not an option the only other thing I can think of (and it is a bad idea) is to use impersonation to run a specific block of code to create the Source if it does not exist. For this you must know and store the admin login accessible to your app. – Crowcoder May 25 '15 at 18:41

2 Answers

4

To find the Source you want to write, .NET enumerates through all event logs. If it doesn't exist, .NET will eventually try enumerating through the Security log, for which you don't even have read rights as a normal user. Thus, you get a SecurityException.

So you have to make sure that the event log exists (which AFAIK you can't do without triggering the exception). Normally, you would do that as part of your setup/install. Then, when writing, catch the SecurityException and handle it as appropriate (e.g. show an error message that you couldn't write to the log).

Daniel Rose
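The split this answer describes (register the source during an elevated install, then catch the SecurityException when writing as a normal user), as an added example that is not part of the original answer. `ABC` is the source name from the question; the `Application` log name, the `--register` switch and the fallback file location are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security;

// Added example, not the asker's code. "ABC" comes from the question's config;
// the log name, the --register switch and the fallback file are assumptions.
public static class AppEventLog
{
    private const string Source = "ABC";
    private const string LogName = "Application";

    // Run once, elevated (installer step). Registering a source writes under
    // HKLM\SYSTEM\CurrentControlSet\Services\EventLog, which needs admin rights.
    public static void RegisterSource()
    {
        if (!EventLog.SourceExists(Source))
            EventLog.CreateEventSource(Source, LogName);
    }

    // Run as a normal user. Returns true if the entry reached the event log,
    // false if the source was missing and the entry went to the fallback file.
    public static bool Write(string message, EventLogEntryType type)
    {
        try
        {
            EventLog.WriteEntry(Source, message, type);
            return true;
        }
        catch (SecurityException)
        {
            // Source not registered: the lookup reached the Security log, which a
            // normal user cannot read. Degrade to a per-user file, do not elevate.
            string dir = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
            File.AppendAllText(Path.Combine(dir, "ABC-fallback.log"),
                string.Format("{0:o} [{1}] {2}{3}", DateTime.UtcNow, type, message, Environment.NewLine));
            return false;
        }
    }

    public static void Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "--register")
            RegisterSource();
        else if (!Write("Application started", EventLogEntryType.Information))
            Console.Error.WriteLine("Event source missing; entry written to fallback file.");
    }
}
```

Once the source is registered on a machine, `Write` succeeds for non-admin users without any change to the Security log's registry permissions.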
0

If you're writing to the EventLog programmatically, you will need to create an event source with elevated permissions, as noted in the documentation on the EventLog class:

https://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog%28v=vs.110%29.aspx

maniak1982
  • FYI, while your answer is valid, per his original question, the users don't have admin rights to do this – VoteCoffee May 25 '15 at 17:57
  • 3
    This is not strictly true. You don't need admin rights to write to the eventlog, however you do need admin to create an event source, which is why this is normally done as part of the installation – sgmoore May 25 '15 at 17:59
  • Thanks. I edited the answer to reflect the discrepancy. – maniak1982 May 25 '15 at 18:01