ASP.NET Permission Writing to NT Event Log

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: JT (jtaylor1024_at_gmail.com)
Date: 03/23/05 

Date: 23 Mar 2005 14:47:17 -0800

Microsoft Please Help!!!

Can anyone out there give me a definitive explanation on EXACTLY what
rights an account needs to be able to both create and write to the NT
Event Log from ASP.NET in windows 2000 and 2003 server? I would like
to see a list of files and registry keys are required for the aspnet
account to perform this functionality...

This seems to be an issue on any machine that I install on... My event
log class looks exactly like this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemdiagnosticseventlogclasstopic.asp

I have tried the following and can only seem to get my apps to write to
the log successfully if they run as an admin...

I have tried:

The full control registry permissions and subkeys as well as the create
source installer found in http://support.microsoft.com/?id=329291

Creating the event log source manually in the registry

Granting ASPNET full control of C:\WINDOWS\system32\config

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconsecurityramificationsofeventlogs.asp
This article says "The impersonation identity must have sufficient
privileges to create categories". It does not describe what privledges
are needed though?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconsecurityramificationsofeventlogs.asp
This article says world should be able to write to the application
log... But that doesn't seem to work either...

Finally I read that you need to make aspnet run as system... That
doesn't seem like a security best practice either...

Any help would be appreciated!