Re: Permissions on Event Log?



Thanks, Andy



Beginning to wonder if anyone is listening...



It's not just an Admin Install but also some method to register the new
source must be performed during the install. Also this is only enforced in
Win2003 Server right now and maybe XP Pro.



Either way seems no one at MS has a Clue and also many others.



Schneider


<Andy> wrote in message news:ueXftO1IHHA.780@xxxxxxxxxxxxxxxxxxxxxxx
Agree with everything you say. I have not found a good way to ensure apps
can write to the event log and have often resorted to code that attempts
to write to the event log and, if it fails, writes to a custom error log
file. This is a complete pain for systems management. Rollout would be
more complicated with an Admin installer and I can't see what the problem
with non-admins writing event logs is anyway.


"schneider" <eschneider@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:e$kGxtuIHHA.420@xxxxxxxxxxxxxxxxxxxxxxx
Again BS reason:
It's not just a disk space issue. For example, if an event log that does
not purge automatically fills up, it can cause important services to no
longer run. Non-administrators should not be able to set up such an
event log.

Just make them AUTO PURGE! or better yet make the services better...

This is plain and simple: It's easier for MS to add security layers than
just fix the bad design!

And you guys are full of it also...

Schneider

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:Os%23St9rHHHA.1468@xxxxxxxxxxxxxxxxxxxxxxx
"schneider" <eschneider@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:eUPPsSjHHHA.2232@xxxxxxxxxxxxxxxxxxxxxxx
Yes that may work, but why would a developer bother with all this
trouble?

It's not the developer that should be setting up installation via SMS or
an AD GPO, it's the enterprise's IT group. Most commercial software
requires administrative installation, so most companies have usually
found some fairly routine way to deal with these.


He can just create a custom log file, oops! now IT wants to check the
log for errors, where was that file? and how do I view it?

That's my point...

And why does the event source need to affect the whole system?
If I create a custom log file and fill the entire hard drive that
affects the whole system also...

It's not just a disk space issue. For example, if an event log that
does not purge automatically fills up, it can cause important services
to no longer run. Non-administrators should not be able to set up such
an event log.



Schneider

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:51eb30483b818c8ec40a05e6e80@xxxxxxxxxxxxxxxxxxxxx
In a corp environment you would use a software distribution tool like
SMS or AD group policies - no need to logoff...

Adding an event source affects the whole system and not that single
user - so you need admin privs. as always - and makes sense.


-----
Dominick Baier (http://www.leastprivilege.com)

I can deal with it. I can do a lot worse things as a non-admin app. I
don't see why it's a problem to log events.

What are the risks? I can create my own log file?
Space usage? Can be addressed.
You could have an admin install, but then the user may need to log off
the machine. In a corp. environment this is a pain. If you give the
users admin rights they install everything from spyware to porn.

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message news:OdaBcdgHHHA.3676@xxxxxxxxxxxxxxxxxxxxxxx

When a non-admin user installs an application, there are plenty of
things that the installer should not be allowed to do, regardless of
how much that user might happen to trust the application. If your
application requires creation of an event log, then it should be
installed by an administrator. This is not an uncommon requirement,
and I'm a little puzzled as to why it seems to pose a problem for
you.

"schneider" <eschneider@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:e9oN1PgHHHA.5104@xxxxxxxxxxxxxxxxxxxxxxx

Yes.
I don't agree with that requirement.
So now I need two installs if I'm not admin, just so I can have an
event log?
I can create my own log file without admin privileges.
Windows should be able to provide some basic log file needs. When a
user installs an app, they are already trusting the application. The
Event log can be viewed remotely by Windows admins; by making it
difficult to use they are making it harder for IT to manage apps through
a known/common interface.
Schneider

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb30483a388c8eb68b4e3e110@xxxxxxxxxxxxxxxxxxxxx

You can only register event source when you have administrative
privileges.
Build a small app that pre-creates the event sources at deployment
time (with admin privileges) - afterwards you can use them from
normal-user processes.
-----
Dominick Baier (http://www.leastprivilege.com)
I did find some new info:
http://msdn2.microsoft.com/en-us/library/5zbwd3s3.aspx
Basically allows you to register a source during runtime. Have not
tried it yet myself.
Schneider

"schneider" <eschneider@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23R6U$iIGHHA.3952@xxxxxxxxxxxxxxxxxxxxxxx

What's the deal here, MS?

Has Issues in Win2003, only way to allow is a Regedit hack or
Installer class? What kind of BS is this?
So what, every time I install to Win2003 I need to add X number of
Application Sources to the Event log system?
What if the Log is Full?
So what, we do our own file log? Then Admin can't check them as
easily...

How about a real solution...

Schneider
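
Added example (not part of the thread, and not code from any of its posters): the two approaches discussed above, combined in C#. The event source is registered once by an elevated deployment step, and the normal-user runtime path writes to the event log and falls back to a per-user file if that fails. The source name `ContosoApp`, the `--register` switch and the fallback path are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security;

static class AppEventLog
{
    // Assumed names for illustration; none of these come from the thread.
    const string Source = "ContosoApp";
    const string LogName = "Application";
    static readonly string FallbackFile = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "ContosoApp", "error.log");

    // Deployment step: run elevated (installer, SMS package, GPO script).
    public static void RegisterSource()
    {
        if (!EventLog.SourceExists(Source))
            EventLog.CreateEventSource(Source, LogName);
    }

    // Runtime path for standard users. It does not call SourceExists or
    // CreateEventSource: the source lookup searches every log, including
    // Security, and throws SecurityException without admin rights.
    public static void Write(string message, EventLogEntryType type)
    {
        try
        {
            EventLog.WriteEntry(Source, message, type);
        }
        catch (Exception ex) when (ex is SecurityException
                                || ex is InvalidOperationException
                                || ex is Win32Exception)
        {
            // Source not registered, log full, or access denied:
            // keep the message in a per-user file instead of losing it.
            Directory.CreateDirectory(Path.GetDirectoryName(FallbackFile));
            File.AppendAllText(FallbackFile,
                $"{DateTime.UtcNow:o} [{type}] {message} (event log: {ex.Message}){Environment.NewLine}");
        }
    }

    static int Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "--register") { RegisterSource(); return 0; }
        Write("Application started", EventLogEntryType.Information);
        return 0;
    }
}
```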