Re: Win2k3 Event Log and Security: Must choose between security and trustworthy

From: Jonathan Folland (jfolland.nospam@earthlink.net)
Date: 04/24/03 

From: "Jonathan Folland" <jfolland.nospam@earthlink.net>
Date: Wed, 23 Apr 2003 17:13:40 -0500

That worked.

Granted I do not like the idea that I have to go into the registry to
creating a setting like this, it works and it is lot better than opening up
the machine by setting the default app pool to run under the system account.

Thaks,

Jonathan

"Roger Down" <roger.down@c2i.net> wrote in message
news:eUicSsZCDHA.3064@TK2MSFTNGP11.phx.gbl...
> Thanks Jonathan for taking the time to write about this important issue...
>
> I have seen many solutions for this problem, and I consider most of them
> hacks... just to get some sort of access to the eventlog. There should be
an
> easier way to have some simple write access to the default eventlog...
> perhaps from web.config or something. I am not a security expert, but how
> dangerous could that be ??
>
> Today I use this "hack" on Windows 2003...:
>
> 1. Open RegEdit
> 2. Goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\
> 3. From the menu, choose Edit->Permissions
> 4. Click the Add button and write NETWORK SERVICE.
> 5. For the NETWORK SERVICE account, set the "appropriate" eventlog
> permissions.
>
> There must be a better/safer/easier solution than this, to achieve some
> simple write access to the eventlog ?
>
> Microsoft document "Building Secure ASP.NET Applications: Authentication,
> Authorization, and Secure Communication" located at
> http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch08.asp have
> some lines about "Accessing System Resources".
>
>
> Best of regards...
>
>