Re: SOS! IIS Stopped working completely!


From: Patrick (patl_at_reply.newsgroup.msn.com)
Date: 04/30/04


Date: Fri, 30 Apr 2004 12:25:31 +0100

According to
http://msdn.microsoft.com/library/en-us/debug/base/event_logging_security.asp?frame=true ,
everyone could write to the Event Viewer!

After setting impersonate=true in machine.config and iisreset, I am still
getting System.InvalidOperationException: Cannot open log for source {0}.
You may not have write access.....

However, taking IWAM_Machine user out of the Guests Security group works!
We had a Domain Controller Security Policy "Restrict guest access to
Application Log" under Security Settings-> Event Log-> Settings for Event
Logs set to ENABLED.

Does the IWAM_Machine user need to be a member of the Guests group?

"Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message
news:BclivVoLEHA.3064@cpmsftngxa10.phx.gbl...
> Hi Patrick,
>
> Thanks for your effort!
>
> I would like to double confirm the following setting with you: Have you
> enabled "Impersonate=true" in the config file now?
>
> Patrick, if we have not enabled Impersonate (Impersonate=false), the
> aspnet_wp.exe will run with the account in <processmodel>. However, if we
> enabled "Impersonate=true", then the aspnet_wp.exe will run with the
> authenticated user account or the anonymous account.
>
> Please perform the following steps to check the settings:
>
> If "Impersonate=false" in the config file:
> ---------------------------------------
>
> Please make sure you have not modified the permission for the "ASPNET"
> account. By default, the ASPNET user account has access to write to the
> application event log. You can also replace "machine" in <processmodel>
> with another user account, who has permission to write Event items to
> perform a test. Please let me know the result.
>
> If "Impersonate=true" in the config file:
> ---------------------------------------
>
> Please make sure the current logon user or anonymous account (if we
> enabled "Anonymous" authentication for the web application) has write
> permission to the Event log.
>
> For detailed security settings for the event log, please check the
> following articles:
>
> Event Logging Security
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/event_logging_security.asp
>
> For more information about security descriptor definition language (SDDL)
> used for the setting, please also check the following information:
>
> Security Descriptor Definition Language
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/security_descriptor_definition_language.asp
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
> Get Preview at ASP.NET whidbey
> http://msdn.microsoft.com/asp.net/whidbey/default.aspx
>
>
>
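
Added example (not part of either post above): a small Python evaluator for an event log security descriptor in SDDL, showing how a deny entry for the Guests group blocks log writes for any account whose token carries that group. The descriptor and the two tokens are constructed samples, and the code assumes ACE masks are written in hex.

```python
import re

# Event log access rights carried in the ACE mask.
LOG_READ, LOG_WRITE, LOG_CLEAR = 0x1, 0x2, 0x4

# Constructed sample descriptor (not read from the poster's server): denies
# Anonymous (AN) and Builtin Guests (BG), lets Service logons (SU) read+write.
SAMPLE_SDDL = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
               "(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;IU)(A;;0x3;;;SU)")

def parse_dacl(sddl):
    """Return [(type, mask, trustee)] for each ACE in the D: section."""
    dacl = re.search(r"D:[^()]*((?:\([^()]*\))*)", sddl)
    if dacl is None:
        raise ValueError("no DACL in descriptor")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: " + body)
        # fields: type;flags;rights;object;inherit_object;trustee
        aces.append((fields[0], int(fields[2], 16), fields[5]))
    return aces

def access_check(sddl, token_sids, desired):
    """Walk the DACL in order, as Windows does: a matching deny ACE that
    covers a still-needed right ends the check before later allows count."""
    remaining = desired
    for ace_type, mask, trustee in parse_dacl(sddl):
        if trustee not in token_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False  # rights not granted by any ACE are implicitly denied

if __name__ == "__main__":
    # Hypothetical tokens: the same service account with and without Guests.
    in_guests = {"WD", "AU", "SU", "BG"}
    for name, token in (("member of Guests", in_guests),
                        ("removed from Guests", in_guests - {"BG"})):
        ok = access_check(SAMPLE_SDDL, token, LOG_WRITE)
        print(f"{name}: write {'allowed' if ok else 'denied'}")
```

Because the deny entries come before the allow entries, Guests membership overrides every later grant; removing the account from Guests lets the later allow entry apply.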


