Re: Windows Service - Event Log


"Kevin Spencer" <uce@xxxxxxx> wrote in message
news:O8fkyjFnGHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
| Just one comment:
|
| > None of the services run as Administrator, a great deal run as SYSTEM
(on
|
| I didn't say the Administrator account. I said "a member of the
| Administrators group on the local machine."
|
Nor did I, an Administrator IS a member of the administrators group, I
didn't spell THE Administrator, right? But if you insist, none of my
services run as 'a member of the Administrators group".


| That said, I didn't advocate using a member of the Administrator's group;
it
| was just information.
|
| As to whether or not a Service should run as the Local System account,
| that's a matter of what the Service does (requirements). Whether it should
| be run as Local System just to create an Event Log, that isn't necessary,
as
| the installation could set up the Event Log. Of course, the person running
| the installation would have to be a member of the Administrator's group to
| do this.

Sure, but that's the role of an admin, execute tasks that require
administrative privileges. The problem with the framework however is, that
none of the API's are documenting these security requirements.

Consider the sample in the docs:
// Create the source, if it does not already exist.
if(!EventLog.SourceExists("MySource")){
EventLog.CreateEventSource("MySource", "MyNewLog");
Console.WriteLine("CreatingEventSource");

....

This should be run by an "administrator", for two reasons:
1. The CreateEventSource call, creates the key MySource in
HKLM/System/CurrentControlSet/Services/Eventlog
2. and CreateEventSource creates the logfile in %windir%\system32\config
which only allows admins to create files into.

Someone running this code as non-admin, will encounter two security issues
and will start tweaking the registry and the filesystem, bummer. More, he
will probably post this as THE solution for the issue at hand.

Willy.







.

Relevant Pages

  • Re: Windows Service - Event Log
    ... I didn't say the Administrator account. ... Administrators group on the local machine." ... I didn't advocate using a member of the Administrator's group; ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: User rights and XPe Component Database
    ... - On a PC, I installed the tools and SP2 update, database etc.. ... - I create a new local user on this machine, I called it XPeUser ... I add XpeUser as a member of the Administrators ... Of course he souldn't be administrator. ...
    (microsoft.public.windowsxp.embedded)
  • Re: Setting a password on an AD account...
    ... I assume it's running in a restricted account right? ... You don't use SSL to bind, and as this runs from a server which is not a domain member (a ... this one fails when the current user is not an administrator on the DC. ...
    (microsoft.public.dotnet.languages.csharp)
  • RE: Administrator Logon failure
    ... you have no problem logging on to the server via a Remote Desktop ... The account you use is a member of Domain Power Users or Remote Operators ... By default in SBS Local Security Policy, SBS Remote Operators ... Remove these groups from administrator via a TS session. ...
    (microsoft.public.windows.server.sbs)
  • Re: Need Administrator Rights to Install 3COM Diagnostics
    ... which your user account object is a member. ... There is a lot of software that requires that the domain user account object ... that you are using when attempting to install software is a member of the ... As a member of the local computer's Administrator group ...
    (microsoft.public.win2000.group_policy)