Re: Tried everything - "Requested registry access is not allowed"

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: LP (LP_at_discussions.microsoft.com)
Date: 11/08/04 

Date: Sun, 7 Nov 2004 23:35:01 -0800

Hi,

I figured out the problem. It was improper access rights (in the event log)
to the account the webservice was running under. When I started looking into
the IIS, I found that the Default application pool ran under the identity of
"Network Service" which is the least priveleged account. Hence it has minimal
access i.e security associated to it is high. This did not allow creating a
new event log and writing into it. I have several options which we can decide
to utilise:

1.Change IIS Isolation Mode Setting:
        Right click on "WebSites" under IIS 6.0. Then Click to open the "Service"
tab. Check the chekcbox labelled "Run WWW service in IIS 5.0 isolation
mode.". Click OK and then restart IIS. This will allow your app to run in IIS
5.0 mode.
2. Change IIS Application Pool Setting:
        Click on Application Pools under IIS. Right click on the "DefaultAppPool".
Go to the "Identity" tab, and change the Predefined value to "LocalSystem".
CLick Yes on the warning and Click OK.
3. Change Registry setting:
        Go to "HKEY_LOCAL_MACHINE\System\CurrentCOntrolSet\EventLog". RIght click
on "eventLog" and choose "permissions". Click on the "Advanced" tab below.
This will open the "Advanced Security settings for event log" dialog box.
Click on the "Add" button in the "Permissions" tab. This will open the
"Select USer or Group" dialog box. Click "Advanced" button and find the
"NETWORK SERVICE" account. Select this account and click on OK. Confirm the
account by clicking OK on the "Select User or Group" dialog box. This will
open the "Permission entry for event log" dialog box. Check on the "Set
Value" and "Create SUbkey" items and click on OK. Now confirm on all the
underlying dialog boxes by clicking on OK.
 I feel the last one is the best solution.

THanks
LP

"Scott M." wrote:

> Just for kicks, change the:
>
> HKLM\System\CurrentControlSet\Services\Eventlog
>
> key so that "Everyone" has full access and try it then.
>
> "LP" <LP@discussions.microsoft.com> wrote in message
> news:07DB319A-1A60-41FF-A1F7-419C192F6B1B@microsoft.com...
> > Hi,
> >
> > My webservice is currently deployed on WIndows 2000 server and runs pretty
> > fine. I am trying to run my webservice on a Windows 2003 server. My
> > webservice tries to write to a eventlog. The code is as follows:
> >
> > System.Diagnostics.EventLog Log = new System.Diagnostics.EventLog(
> > EventLogName );
> > Log.Source = EventLogName;
> > Log.WriteEntry( "PCHistory Service Application started up successfully.",
> > System.Diagnostics.EventLogEntryType.Information );
> >
> > I am getting the following error.
> >
> > System.Security.SecurityException: Requested registry access is not
> > allowed.
> > at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
> > at System.Diagnostics.EventLog.CreateEventSource(String source, String
> > logName, String machineName, Boolean useMutex)
> > at System.Diagnostics.EventLog.WriteEntry(String message,
> > EventLogEntryType
> > type, Int32 eventID, Int16 category, Byte[] rawData)
> > at System.Diagnostics.EventLog.WriteEntry(String message,
> > EventLogEntryType
> > type, Int32 eventID, Int16 category)
> > at System.Diagnostics.EventLog.WriteEntry(String message,
> > EventLogEntryType
> > type, Int32 eventID)
> > at System.Diagnostics.EventLog.WriteEntry(String message,
> > EventLogEntryType
> > type)
> > at PCHistory.PCHistoryService.Log(String Message, EventLogEntryType type)
> > at PCHistory.PCHistoryService.LogInfo(String Message, Object[] args)
> > at PCHistory.PCHistoryService..ctor()
> >
> > I tried the following:
> > 1. Giving full rights to ASPNET account on
> > HKLM\System\CurrentControlSet\Services\Eventlog
> > 2.Giving SetValue and CreateSubkey rights to ASPNET account on the same.
> > 3.Changing machine .config process model attribute of USerName to SYSTEM.
> > 4. Creating the Source manually in the registry.
> >
> > Nothing worked.
> >
> > If u have solution please reply ASAP.
> >
> > Thanks
> > LP
>
>
>

Relevant Pages

  • RE: Whats the Difference between Window 2003 and Windows 2000 regi
    ... It was improper access rights (in the event log) ... "Network Service" which is the least priveleged account. ... 1.Change IIS Isolation Mode Setting: ...
    (microsoft.public.dotnet.security)
  • Event log access rights on Windows 2003
    ... I have a COM object which allows an asp page reading a user defined event ... log (the account used to access the event log is the connected user's one.) ... When I store the page on IIS on a W2000 server, I can use it whathever user ...
    (microsoft.public.windows.server.security)
  • Event log access rights on Windows 2003
    ... I have a COM object which allows an asp page reading a user defined event ... log (the account used to access the event log is the connected user's one.) ... When I store the page on IIS on a W2000 server, I can use it whathever user ...
    (microsoft.public.platformsdk.security)
  • Event log access rights on Windows 2003
    ... I have a COM object which allows an asp page reading a user defined event ... log (the account used to access the event log is the connected user's one.) ... When I store the page on IIS on a W2000 server, I can use it whathever user ...
    (microsoft.public.security)
  • RE: SOME Users cannot access OWA others do, error HTTP 500
    ... I understand that some account access OWA ... IIS 6.0 compression corruption causes access violations ... compressed copy of the affected files on the SBS server: ...
    (microsoft.public.windows.server.sbs)