开发者

Does Windows 7 still assign Event Log permissions via the Registry?

Very simple question that I've been having trouble answering.

In Windows XP and Server 2003, I have occasionally come across a problem when trying to write to the event log.

"The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security."

The solution to this that has worked in the past on XP and Server 2003 has been to give the correct user or user group Read or Full Control permissions to the 开发者_JAVA技巧registry key for the offending event log group. For example:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ or
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security

This has always worked. But I've come up against Windows 7, with which I'm still very inexperienced.

I'm vaguely aware that Windows 7 and Vista do interesting things to try and downgrade the prominence of the Registry, virtualization and so forth. That gives me a tiny question mark as to whether or not Windows 7 still handles event log security in the same way.

I've done some searching on the topic, but haven't managed to find an answer to what (I thought) would have been a very simple question.

Any help pointing me in the right direction would be great.


I'll follow up Igor with some clarification.

I forgot about this question altogether. Since posting it I had this issue clarified by a sysadmin at a client site.

He pointed out that the Event Source should be created in an installer package. The installer should require administrative permissions to run, which ensures that the current windows user will be allowed to create the event source.

My actual problem was that I was attempting to create the source from within the code itself. Giving the user group permission to do so was a hack work-around that I shouldn't have been doing in the first place.

The production code for this now still attempts to detect the source. On failure it will use the generic 'Application' source in place of the application-specific source.

The application-specific source is now created in the installer, and an entry about this has been included in the administrative documentation for the product.


I do not have an exact answer but, from experience, I know that creating a new source requires elevated permissions (i.e. registry). Non-administrator accounts on Windows 7 and Windows Server 2008 R2 were not able to create these sources without explicit permissions.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜