Search code examples
c#.netservicewindows-servicesevent-log

EventLog write permissions

My question is related to write permissions to the Windows Event Log. I have looked around several posts concering this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.

I use C# in .NET 4.0. I use the EventLog class: EventLog class

In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.

My application is a Windows Service running with one of the following accounts:

  • Network Service
  • Local Service
  • Local System
  • User with restricted rights (Users or Domain Users groups)

Here are some other criterias I have:

  • I cannot put the service user as Administrator, not even local administrator on the server
  • I cannot edit or alter the registry
  • I cannot alter the UAC or any group policies on the server
  • I have a user with Administrator rights, but it cannot be used to run the service
  • The Event Log will always be the local Event Log, not on a remote machine
  • The Log will probably always be the "Application" log
  • The Source may vary, and that seems to be the heart of the problem

My question is : Is this at all possible?

Can I impersonate a user in my code to achieve what I need? I do that when connecting to web services, logging on to smtp servers and of courseclogging in to databases etc.

I stumbled into this class: EventLogPermission Class

But I cannot seem to get a good concept on how to use the class.

I hope I have expressed my problem good. I don't concider this a duplicate of another post because of my criterias.

Solution

  • The answer showed to be "no".

    I realize there are no good way of solving this the way I requested. There must be a manual job done.

    So the solution I pick for this scenario is that customers who cannot run the service as an administrator or do a manual registry edit cannot use the functions around logging to event log. And I will make it possible to enable and disable the logging from the config.

    Admin user and registry edit are known ways for me, but as stated something I was trying to avoid. But that is, as it seems, not possible according to my criterias this time.