Below is an exception I encountered while running the immediately following code:
The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
The code is
if (!EventLog.SourceExists(this.EventLogSource))
The content of the exception makes sense to me, it's why that doesn't. This line is running in Visual Studio 2010, .NET 4, as a console app ( for the time being ). I have run this in a different environment, but I wouldn't expect the fact that I'm remote desk'ed to break this method. I've tried changing HKML\CCS\Services\eventlog permissions - to no avail, as well as the C:\Windows\System32\Winevt\Logs\Security.evtx permissions. Again, to no avail.
My questions are as follows:
Why isn't there an override to ignore secure logs,
How can I work around this ( programatically )
IS this because I'm remote desked.
Any advice would be great.
Microsoft requires that you be an administrator in order to execute this method for the very reason that you found.
Here is their explanation (from the MSDN documentation):
To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.
How you work around it will depend entirely on exactly what you need to do. The best recommendation if you are not able to log in as an administrator is to attempt to perform your action in a try/catch block and if a SecurityException is thrown, perform some alternate action.
Accessing some EventLogs requires elevation. Run the app as an administrator instead.
I recommend to use Logging Application Block of Enterprise Library in order to implement the correct logging.
Start reading from here
Related
My question is related to write permissions to the Windows Event Log.
I have looked around several posts concering this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.
I use C# in .NET 4.0. I use the EventLog class:
EventLog class
In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.
My application is a Windows Service running with one of the following accounts:
Network Service
Local Service
Local System
User with restricted rights (Users or
Domain Users groups)
Here are some other criterias I have:
I cannot put the service user as Administrator, not even local administrator on the server
I cannot edit or alter the registry
I cannot alter the UAC or any group policies on the server
I have a user with Administrator rights, but it cannot be used to run the service
The Event Log will always be the local Event Log, not on a remote machine
The Log will probably always be the "Application" log
The Source may vary, and that seems to be the heart of the problem
My question is : Is this at all possible?
Can I impersonate a user in my code to achieve what I need?
I do that when connecting to web services, logging on to smtp servers and of courseclogging in to databases etc.
I stumbled into this class:
EventLogPermission Class
But I cannot seem to get a good concept on how to use the class.
I hope I have expressed my problem good. I don't concider this a duplicate of another post because of my criterias.
By default, any authenticated user is able to write to application event log. However only administrators can create new event Sources. If all event Sources are known at the service installation time, I recommend register those sources ahead of time, then you will be all set up. Registering is a simple call to EventLog.CreateEventSource.
If you need more flexibility on event sources, you can customize permissions. Those defaults could be customized by tweaking a registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
A process described in this KB Article. A wevtutil tool, which is part of OS, available on Server 2008 and above, makes it a bit easier than going through regedit.
The answer showed to be "no".
I realize there are no good way of solving this the way I requested. There must be a manual job done.
So the solution I pick for this scenario is that customers who cannot run the service as an administrator or do a manual registry edit cannot use the functions around logging to event log. And I will make it possible to enable and disable the logging from the config.
Admin user and registry edit are known ways for me, but as stated something I was trying to avoid. But that is, as it seems, not possible according to my criterias this time.
My question is related to write permissions to the Windows Event Log.
I have looked around several posts concering this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.
I use C# in .NET 4.0. I use the EventLog class:
EventLog class
In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.
My application is a Windows Service running with one of the following accounts:
Network Service
Local Service
Local System
User with restricted rights (Users or
Domain Users groups)
Here are some other criterias I have:
I cannot put the service user as Administrator, not even local administrator on the server
I cannot edit or alter the registry
I cannot alter the UAC or any group policies on the server
I have a user with Administrator rights, but it cannot be used to run the service
The Event Log will always be the local Event Log, not on a remote machine
The Log will probably always be the "Application" log
The Source may vary, and that seems to be the heart of the problem
My question is : Is this at all possible?
Can I impersonate a user in my code to achieve what I need?
I do that when connecting to web services, logging on to smtp servers and of courseclogging in to databases etc.
I stumbled into this class:
EventLogPermission Class
But I cannot seem to get a good concept on how to use the class.
I hope I have expressed my problem good. I don't concider this a duplicate of another post because of my criterias.
By default, any authenticated user is able to write to application event log. However only administrators can create new event Sources. If all event Sources are known at the service installation time, I recommend register those sources ahead of time, then you will be all set up. Registering is a simple call to EventLog.CreateEventSource.
If you need more flexibility on event sources, you can customize permissions. Those defaults could be customized by tweaking a registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
A process described in this KB Article. A wevtutil tool, which is part of OS, available on Server 2008 and above, makes it a bit easier than going through regedit.
The answer showed to be "no".
I realize there are no good way of solving this the way I requested. There must be a manual job done.
So the solution I pick for this scenario is that customers who cannot run the service as an administrator or do a manual registry edit cannot use the functions around logging to event log. And I will make it possible to enable and disable the logging from the config.
Admin user and registry edit are known ways for me, but as stated something I was trying to avoid. But that is, as it seems, not possible according to my criterias this time.
i am trying to make an event logger for my cmd line application. However I get this error when it tries to create the log for the first time.
The source was not found, but some or
all event logs could not be searched.
Inaccessible logs: Security.
So I found this is a because of windows 7 and some new security. So right now I have to give the .exe admin rights.
Is there a way around this so it would not need admin rights? I don't know if people would feel too good if they have to contently run my application with admin rights.
I am planning to put this later on a windows 2008 machine so I am guessing it will suffer from the same problem.
You could create the event source at the point of installation so they only need to make that choice once. Once the source is created in the registry you can add events to it without the need for admin rights.
As well as the CreateEventSource function there is also the EventLogInstaller class:
http://msdn.microsoft.com/en-us/library/system.diagnostics.eventloginstaller.aspx
WiX also offers this functionality in it's Utility extension:
How do you create an event log source using WiX
NETWORK SERVICE OR Impersonated User must have Read/Write access to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
I developed a simple windows service in C# as per this article.
http://www.codeproject.com/KB/dotnet/simplewindowsservice.aspx
I was successfully able to start the service for the first time and stop it. During the following attempts, I was not able to start the service. I got the following information.
The MyNewService service on Local
Computer started and then stopped.
Some services stop automatically if
they have no work to do, for example,
the Performance Logs and Alerts
service.
Please help.
I outlined here a method we're using to debug our Windows services. Maybe this will help you trace the error. Basically this sounds like some error is occurring while trying to execute the OnStart method.
Basically this means the main thread of your service has crashed for some reason. The most common I've seen is filesystem access to it's own log files.
Sometimes you can find the reason in the event viewer, but unfortunately a lot of the time the user you're running the service as won't actually have access to log it's error. A simple thing to do if you're in a dev environment is to just give the service an administrator account temporarily, firstly cause it'll tell you whether the crash is being caused by lack of access (cause it'll work) and secondly if it's not it'll allow it to write to the event viewer. Make sure to take the admin access of f once you fix it though, cause long-term that can be very dangerous.
Did you look in the event log? You can usually get more detailed error information there about the service error. Also, are you writing out to a log with your service? That's another way you could figure out what's going wrong.
You can get to the event log by right clicking on Computer and selecting "Manage". Under System Tools, look under Event Viewer->Application. This is on Windows XP, but other Windows OS's should be similar.
If the service is on your development machine, you should be able get Visual Studio's debugger to attach to it as it starts so that you could identify if anything is causing it to crash. It involves a bit of registry editing as described here: http://blogs.msdn.com/greggm/archive/2005/02/21/377663.aspx
It sounds like your main thread is dying for some reason. Put a call to System.Diagnostics.Debugger.Break() in your service's startup code, e.g., the Main entry point, the service constructor, or the OnStart() method. When you start your service from the Services MMC, you'll be prompted to enter a debug session. Once you're in Visual Studio, open the Exceptions dialog (from the Debug menu) and check the boxes in the Thrown column. Then debug from there to find the problem.
I have an 2005 SSIS package that I'm calling in a service created in VS 2005. The package will not run. The purpose of the package is to parse a file and put data into a "Load Table".
The package runs perfectly on its own, but will not run at all when executed programatically - when I'm stepping through the code. The Event Viewer indicates that the package has started but then it indicates that it has failed. I don't get any more information than that.
It's not throwing an exception. It's just returning "Failure". I've tried executing against different databases - Same result. The file it's parsing is valid becuase it runs fine when run on it's own.
The only other thing that I can think of is that I'm having some problem with user permissions, but I have no idea on how to go about looking into that issue. Does anyone have any ideas?
Sounds like a permissions issue. Make sure the process it is running as has the same permissions as the account which you are using to run it interactively.
Without more information it's hard to tell, but this sounds like a permissions issue.
When it's running from code, does the person or user account the code is running under have the appropriate permissions?
For example, if you run it manually, you're most likely using your own credentials. As the developer, I'd assume you have admin rights, so you can perform the task.
However, when run from a program you need to know what user account the program runs under. Is it Asp.Net? The default user is Network Service. Is it a Scheduled Task running under the default Local System account? You'd need to change the account it runs under or grant permissions on the DB appropriately.
When you loaded it from Studio to Integration Services, what Package Protection Level did you use? I've had the best luck with the last in the list: Rely on Server Storage and roles for access control.
Does your package have error logging set up? It could help you to see what the problem is.
Also, does the account for the service running the package have the correct rights to the directory where the file to be picked up is stored not just correct rights in SQL Server? We've had that problem before.
Have you attached Events to the execution of the package? Are you calling the package by code? Which Method are you using?
Please check Loading and Running a Remote Package...
Then when debugging, add a break point at the Console.Write Line where gets info of the error.
Hope it helps,
Arturo