Search code examples
loggingwindows-vistawindows-server-2003

Does Event logger in C# needs admin privileges to write logs into Windows Event Viewer?


In my C# application I am using the EventLog class to log messages. It works perfectly fine on my machine, but doesn't work on a client machine.

The client machine configuration is different than my machine. My machine has Vista OS, whereas the client has Windows Server 2003.

I have admin rights on my machine whereas on the client machine my application runs under non-admin user privileges.

On the client machine I get an error:

Faulting application <app_name>, version ,faulting module kernel32.dll

My application stopped crashing on the client machine when I commented out EventLog.WriteEntry() method calls and started to write logs into a simple text file.

So I was just wondering whether event logging needs administrator privileges or what?

Environment detail : C# (.NET 2.0 Framework), on Windows Server 2003


Solution

  • System.Diagnostics.EventLog class in .NET Framework 3.5 @ MSDN:

    If you write to an event log, you must specify or create an event Source. You must have administrative rights on the computer to create a new event source.

    ...

    If the event source for the event log associated with the EventLog instance doesn't exist, a new event source is created. To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative credentials.

    This requirement is because all event logs, including Security logs, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the Security log; therefore, a SecurityException is thrown.