问题
My question is related to write permissions to the Windows Event Log. I have looked around several posts concering this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.
I use C# in .NET 4.0. I use the EventLog class: EventLog class
In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.
My application is a Windows Service running with one of the following accounts:
- Network Service
- Local Service
- Local System
- User with restricted rights (Users or Domain Users groups)
Here are some other criterias I have:
- I cannot put the service user as Administrator, not even local administrator on the server
- I cannot edit or alter the registry
- I cannot alter the UAC or any group policies on the server
- I have a user with Administrator rights, but it cannot be used to run the service
- The Event Log will always be the local Event Log, not on a remote machine
- The Log will probably always be the "Application" log
- The Source may vary, and that seems to be the heart of the problem
My question is : Is this at all possible?
Can I impersonate a user in my code to achieve what I need? I do that when connecting to web services, logging on to smtp servers and of courseclogging in to databases etc.
I stumbled into this class: EventLogPermission Class
But I cannot seem to get a good concept on how to use the class.
I hope I have expressed my problem good. I don't concider this a duplicate of another post because of my criterias.
回答1:
By default, any authenticated user is able to write to application event log. However only administrators can create new event Sources. If all event Sources are known at the service installation time, I recommend register those sources ahead of time, then you will be all set up. Registering is a simple call to EventLog.CreateEventSource.
If you need more flexibility on event sources, you can customize permissions. Those defaults could be customized by tweaking a registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
A process described in this KB Article. A wevtutil tool, which is part of OS, available on Server 2008 and above, makes it a bit easier than going through regedit.
回答2:
The answer showed to be "no".
I realize there are no good way of solving this the way I requested. There must be a manual job done.
So the solution I pick for this scenario is that customers who cannot run the service as an administrator or do a manual registry edit cannot use the functions around logging to event log. And I will make it possible to enable and disable the logging from the config.
Admin user and registry edit are known ways for me, but as stated something I was trying to avoid. But that is, as it seems, not possible according to my criterias this time.
来源:https://stackoverflow.com/questions/14245345/eventlog-write-permissions