How to allow a domain user to write the Windows Event Log (2008 R2 or newer) without Local Admin privileges?
You can do this by modifying the permissions of the registry entries for the Event log using Regedit.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System\CustomSD
This article from Microsoft has the details which are different based on your situation so I won't repeat them here.
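As an added example (not part of the original answer or the Microsoft article), the registry change described above can be scripted so that one account gets write-only access to a log. The function name and the `CONTOSO\svc-app` account are hypothetical, and the sketch assumes an elevated session on a system where the `CustomSD` value already exists and is honored as the answer describes.

```powershell
# Added example: append a write-only ACE for one account to an event log's CustomSD.
# Function name and the sample account are placeholders, not values from the page.
function Add-EventLogWriteAce {
    param(
        [Parameter(Mandatory = $true)] [string] $Account,
        [ValidateSet('Application', 'System')] [string] $LogName = 'Application',
        [switch] $Apply   # without -Apply the function only returns the proposed SDDL
    )

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$LogName"

    # SDDL ACEs reference SIDs, so resolve the domain account first.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

    $current = (Get-ItemProperty -Path $key -Name CustomSD -ErrorAction SilentlyContinue).CustomSD
    if (-not $current) {
        # Do not invent a descriptor: writing only our ACE would drop every default entry.
        throw "No CustomSD value under $key; nothing to extend."
    }
    if ($current -cmatch 'S:') {
        # A SACL section follows the DACL, so a plain append would land in the wrong list.
        throw "CustomSD contains a SACL section; edit the DACL part by hand."
    }
    if ($current -match [regex]::Escape($sid)) {
        Write-Warning "$Account ($sid) already appears in CustomSD; no change made."
        return $current
    }

    # 0x2 = write events. Read (0x1) and clear (0x4) are deliberately not granted.
    $new = "$current(A;;0x2;;;$sid)"

    # Parse the result so a malformed string is rejected before it reaches the registry.
    [void](New-Object System.Security.AccessControl.RawSecurityDescriptor $new)

    if ($Apply) {
        Write-Host "Previous CustomSD (keep for rollback): $current"
        Set-ItemProperty -Path $key -Name CustomSD -Value $new
    }
    return $new
}

# Dry run first, then apply:
# Add-EventLogWriteAce -Account 'CONTOSO\svc-app' -LogName Application
# Add-EventLogWriteAce -Account 'CONTOSO\svc-app' -LogName Application -Apply
```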
Updated on September 18, 2022

Comments
-
I say Reinstate Monica almost 2 years
We are very concerned about security so we don't grant local admin privileges if not fully required or troubleshot first.
I have an application provider who needs to write the Windows Event Log. The credentials to run their services are from a generic domain user. This generic user was already made a member of the "Power Users" group but we are still unable to write the Windows Event Log. Of course if I grant membership in the "Local Administrators" group it works fine.
How do I allow a generic user to write to the Windows Event Log on Windows Server 2008 R2 or newer without granting the user Local Admin privileges?
Using other system accounts such as "SYSTEM, NETWORK or LocalService" is NOT an option; it must run with a domain user.
-
Admin over 7 years
Writing to the Windows Event Log from an ASP.NET or ASP application fails and [How to set event log security locally or by using Group Policy in Windows Server 2003](support.microsoft.com/en-us/kb/323076) should give you a starting point
-