G
Guest
We have several applications that will be executing on multiple machines.
These applications will be placed on our network and setup with an xcopy
style of deployment. To accomplish this task, we had to adjust the Framework
configuration, Code Access Security for the machine to Full Trust for Local
Intranet applications.
We created a deployment package and we execute this on any machines that
will execute the apps.
These apps also have a feature where we write messages to the eventlog when
an error is encountered. This works great for our clients that have Power
user or admin rights, but for a standard user the eventlog post fails with a
message that "Requested Registry Access is Not Allowed".
There are Permission Sets within the framework configuration tool, but I'm
not sure what the best approach is to accomplish allowing standard clients
the permisiion to write to the eventlog without opening security up too much.
I'm writing to the "Application" log as a standard user with the following
code:
Dim EventLogMessageSys As New System.Diagnostics.EventLog
Dim strMachineName As String
strMachineName = System.Environment.MachineName
EventLogMessageSys.MachineName = strMachineName EventLogMessageSys.Source =
“TestApp†EventLogMessageSys.Log = "Application"
EventLogMessageSys.WriteEntry("Testing", EventLogEntryType.Information)
The app fails on the WriteEntry and the exception that is thrown is
"Requested Registry Access is Not Allowed". With Windows 2000 and prior, you
could write to the application log, but with Windows XP Pro SP1 I'm not
experiencing the same behavior.
XP seems to be more sophisticated with the security. As I said above, I was
hoping there might be a Permission Set tweak that you can perform on any
machine that the app will run. If you can set permissions for a specific
machine or sign-on to have higher rights, the app might run.
Does anyone have any feedback regarding Permission Sets and Framework
Security that might help?
These applications will be placed on our network and setup with an xcopy
style of deployment. To accomplish this task, we had to adjust the Framework
configuration, Code Access Security for the machine to Full Trust for Local
Intranet applications.
We created a deployment package and we execute this on any machines that
will execute the apps.
These apps also have a feature where we write messages to the eventlog when
an error is encountered. This works great for our clients that have Power
user or admin rights, but for a standard user the eventlog post fails with a
message that "Requested Registry Access is Not Allowed".
There are Permission Sets within the framework configuration tool, but I'm
not sure what the best approach is to accomplish allowing standard clients
the permisiion to write to the eventlog without opening security up too much.
I'm writing to the "Application" log as a standard user with the following
code:
Dim EventLogMessageSys As New System.Diagnostics.EventLog
Dim strMachineName As String
strMachineName = System.Environment.MachineName
EventLogMessageSys.MachineName = strMachineName EventLogMessageSys.Source =
“TestApp†EventLogMessageSys.Log = "Application"
EventLogMessageSys.WriteEntry("Testing", EventLogEntryType.Information)
The app fails on the WriteEntry and the exception that is thrown is
"Requested Registry Access is Not Allowed". With Windows 2000 and prior, you
could write to the application log, but with Windows XP Pro SP1 I'm not
experiencing the same behavior.
XP seems to be more sophisticated with the security. As I said above, I was
hoping there might be a Permission Set tweak that you can perform on any
machine that the app will run. If you can set permissions for a specific
machine or sign-on to have higher rights, the app might run.
Does anyone have any feedback regarding Permission Sets and Framework
Security that might help?