Allow Click-Once app run by Non-Admin user to log in event log

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We create a new eventlog for our inhouse apps, and we all our clickonce (C#)
apps are writting in the event log, if the user is a local ADMIN.

but for non-admin users, our apps are unable to write to any event log.

how to allow a click once apps to write in an event log for non-admin user?


Here's our code:

if (!EventLog.SourceExists("Enterprise Library Logging"))
{
EventLog.CreateEventSource("Enterprise Library Logging",
"UAP");
}

EventLog elog = new EventLog();
elog.Log = "UAP";
elog.Source = Application.ProductName;
elog.MaximumKilobytes = 102400; // Comme les autres EVENT LOG.
elog.WriteEntry("App STARTED", EventLogEntryType.Information);
elog.Close();
 
Hi SHEBERT,

When a ClickOnce application is installed on a client machine, the
application files are downloaded to the current user
location(%userprofile%\AppData\Local) and the ClickOnce application only
runs on behalf of the current user.

Because these applications and their state reside in a per-user location
they are not protected and are subject to tampering by the user or by code
running on behalf of the user. As a result any application which requests
admin elevation can be exploited to run code to which the user has not
given explicit consent. This exploit constitutes a privilege elevation
security attack.

That's to say, ClickOnce doesn't support admin elevation. You should always
install and run the ClickOnce application requiring administrator privilege
under an administrator account.

Hope this helps.
If you have any concern, please feel free to let me know.

Sincerely,
Linda Liu
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Are you saying that loggin in an event log require "admin elevation" ?

The app doesn't have to create the event log, I understand that you need
admin rights for that, but i need the app to LOG in the event log.

I did a VB6 program and it did log fine in the log event under a non-admin
account.

why can a click-once can't write in an event log under a non-admin account?
 
Hi SHEBERT,

Thank you for your prompt reply!
Are you saying that loggin in an event log require "admin elevation" ?
Click to expand...

Sorry that I didn't explain clearly in my first reply.

No, logging an entry in the existing event log does not require
administrative rights, but both creating a new event source and setting the
MaximumKilobytes property of the EventLog object does reuire administrative
rights.

If a ClickOnce application doesn't require administrative rights, it can be
installed and run under a non-admin account properly without any problem.

Hope this helps.
If you have any question, please feel free to let me know.

Sincerely,
Linda Liu
Microsoft Online Community Support
 
Hi SHEBERT,

How about the problem now?

If you have any question, please feel free to let me know.

Thank you for using our MSDN Managed Newsgroup Support Service!

Sincerely,
Linda Liu
Microsoft Online Community Support
 
I will have to investigate this more, but it seems that I can’t log in an
event log with a non-admin account with the pc (Windows 2000 SP4) I was doing
my test. I tried on an XP and even another Windows 2000 PC and I could with
the same app.
 
Hi SHEBERT,

How about the problem now?

If the problem is still not resolved, please feel free to let me know.

Thank you for using our MSDN Managed Newsgroup Support Service!

Sincerely,
Linda Liu
Microsoft Online Community Support
 
Back
Top