Can't get EventLogs of type Security.


Ken Varn

I am using the EventLog class to try and get the Security logs to display
them on my asp.net page. For some reason if I impersonate an administrator
user before accessing the Entries collection in the EventLog object, I get a
Win32Exception (A required privilege is not held by the client). However,
if I set the ASP.NET account to run under the SYSTEM level privileges
without doing impersonation, the call works fine. This only seems to be a
problem when accessing the Security EventLog category. Can someone explain
why this occurs and how I can get it to work under impersonation, rather
than using SYSTEM level privileges for the ASP.NET account?

i.e.,

// Requires: using System.Diagnostics;
void ParseLog()
{
    EventLog Log;

    // Omitted - Impersonation code done here
    //....

    Log = new EventLog("Application");

    // Items in EventLog.Entries are of type EventLogEntry.
    foreach (EventLogEntry L in Log.Entries) // This loop works fine.
    {
        // Omitted -- Load log data into screen here.
    }

    Log = new EventLog("Security");

    foreach (EventLogEntry L in Log.Entries) // Exception is thrown here.
    {
        // Omitted -- Load log data into screen here.
    }
}

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------
 
My guess is that the impersonation code is incorrect. The asp.net account
needs impersonation (act as part of os) permission, and you need a primary
token for the account you want to impersonate. If there is a current
impersonation you will need to revert first.

-- bruce (sqlwork.com)
 
Run RegEdt32
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
Right-click on the Security key and see the permission list. This way you do
not have to grant Admin privilege for the rest of the code.

Regards,

Trevor Benedict R
MCSD
 
Thanks for the info.

I checked out the permissions, and admin does have read/write permissions.
I am impersonating an admin user before using the EventLog object, but I am
still not getting permission. Maybe my impersonation logic is not right.
Here are the steps that I follow:

- First PInvoke the Win32 LogonUser to get a handle to my reserved admin
user.
- Next, I PInvoke the Win32 DuplicateToken to create a new handle of type
SecurityImpersonation.
- Next, I create a WindowsIdentity object using the duplicated handle.
- Finally, I call the Impersonate method of the WindowsIdentity object.

All calls in the above steps are checked for success and all complete
successfully.

Is there something that I am doing wrong here?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------
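The four impersonation steps listed in the post above, followed by the Security log read, written out as an added example; it is not code from any poster in this thread. The class and method names and the account parameters are assumptions, and it targets .NET Framework on Windows.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
static class SecurityLogReader   // added example; class and method names are hypothetical
{
    const int LOGON32_LOGON_INTERACTIVE = 2, LOGON32_PROVIDER_DEFAULT = 0;
    const int SecurityImpersonation = 2, ERROR_PRIVILEGE_NOT_HELD = 1314;
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateToken(IntPtr token, int level, out IntPtr duplicate);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);
    // Counts Security entries while impersonating; take the password from protected config.
    public static int CountSecurityEntries(string user, string domain, string password)
    {
        IntPtr token = IntPtr.Zero, dup = IntPtr.Zero;
        try
        {
            if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, out token))             // step 1
                throw new Win32Exception(Marshal.GetLastWin32Error());
            if (!DuplicateToken(token, SecurityImpersonation, out dup))      // step 2
                throw new Win32Exception(Marshal.GetLastWin32Error());
            using (WindowsIdentity identity = new WindowsIdentity(dup))      // step 3
            using (WindowsImpersonationContext ctx = identity.Impersonate()) // step 4
            using (EventLog log = new EventLog("Security"))
            {
                int count = 0;
                try { foreach (EventLogEntry entry in log.Entries) count++; }
                catch (Win32Exception ex)
                {
                    if (ex.NativeErrorCode != ERROR_PRIVILEGE_NOT_HELD) throw;
                    throw new UnauthorizedAccessException(   // name the identity that was refused
                        "Security log read denied for " + WindowsIdentity.GetCurrent().Name, ex);
                }
                return count;
            }   // disposing ctx reverts the thread to its original identity
        }
        finally
        {
            if (dup != IntPtr.Zero) CloseHandle(dup);
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```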
 