Re: Exception Management App Block - System.ComponentModel.Win32Ex

I have found a solution to this problem. Append the following to the
CustomSD value to give all authenticated users write access:

(A;;0x0002;;;AU)


"Steven Berkovitz" wrote:

> This doesn't really explain why it works if IUSR_MACHINE is a member of the
> Domain Admins group. There must be an ACL somewhere. What about the
> HKLM\System\CurrentControlSet\Services\EventLog\Application\CustomSD value?
>
>
>
> "Steven Cheng[MSFT]" <v-schang@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:dd5mUUnPFHA.1564@xxxxxxxxxxxxxxxxxxxxxxxx
> > Hi Steven,
> >
> > Thanks for the followup.
> > After some further tests, I think the problem is something limited on the
> > WIN2K3 server. In fact, not only the default IUSR_MACHINE, any account(
> > even a custom created local account) which has sufficient permission on
> > the
> > eventlog will failt to write entry when configured as IIS virutual dir's
> > anomymous account and implicitly impersonated in the ASP.NET.( <identity
> > impersonate="true" />)
> >
> > So currently on W2K3 box, I think we have the following approachs:
> > 1. Disable anonymous access for the IIS virutal dir and let the asp.net
> > running under the default process identity( or if impersonate, impersonate
> > the client user rather than the IIS's anonymous user).
> >
> > 2. If we still need to impersonate a certain account, we should use the
> > following configuration to specify the fixed account
> > <identity impersonate="true" userName="..." password="..." />
> >
> > Anyway, since IIS anonymous acccount are too restricted, generally we'd
> > better avoid impersonate this account directly. (using the default process
> > idenity of asp.net is the perfered means).
> >
> > Thanks,
> >
> > Steven Cheng
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
> >
> >
> >
> >
>
>
>
.

Relevant Pages

  • Re: Domain could not be contacted problem
    ... > can either make the process run under a domain account, ... > To impersonate a domain account, you generally do this by enabling ... > impersonating the authenticated user in IIS. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Domain could not be contacted problem
    ... > can either make the process run under a domain account, ... > To impersonate a domain account, you generally do this by enabling ... > impersonating the authenticated user in IIS. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Exception Management App Block - System.ComponentModel.Win32Ex
    ... In fact, not only the default IUSR_MACHINE, any account( ... Disable anonymous access for the IIS virutal dir and let the asp.net ... > running under the default process identity(or if impersonate, ... > the client user rather than the IIS's anonymous user). ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Exception Management App Block - System.ComponentModel.Win32Ex
    ... In fact, not only the default IUSR_MACHINE, any account( ... Disable anonymous access for the IIS virutal dir and let the asp.net ... running under the default process identity(or if impersonate, ... the client user rather than the IIS's anonymous user). ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: SOME Users cannot access OWA others do, error HTTP 500
    ... I understand that some account access OWA ... IIS 6.0 compression corruption causes access violations ... compressed copy of the affected files on the SBS server: ...
    (microsoft.public.windows.server.sbs)