C# EventLog write permissions
Original URL: http://stackoverflow.com/questions/14245345/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
EventLog write permissions
Asked by Mats Magnem
My question is related to write permissions to the Windows Event Log. I have looked around several posts concerning this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.
I use C# in .NET 4.0. I use the EventLog class.
In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.
My application is a Windows Service running with one of the following accounts:
- Network Service
- Local Service
- Local System
- User with restricted rights (Users or Domain Users groups)
Here are some other criteria I have:
- I cannot put the service user as Administrator, not even local administrator on the server
- I cannot edit or alter the registry
- I cannot alter the UAC or any group policies on the server
- I have a user with Administrator rights, but it cannot be used to run the service
- The Event Log will always be the local Event Log, not on a remote machine
- The Log will probably always be the "Application" log
- The Source may vary, and that seems to be the heart of the problem
My question is: Is this at all possible?
Can I impersonate a user in my code to achieve what I need? I do that when connecting to web services, logging on to SMTP servers and of course logging in to databases etc.
I stumbled into this class: EventLogPermission Class
But I cannot seem to get a good concept on how to use the class.
I hope I have expressed my problem well. I don't consider this a duplicate of another post because of my criteria.
Accepted answer by Mats Magnem
The answer showed to be "no".
I realize there is no good way of solving this the way I requested. There must be a manual job done.
So the solution I pick for this scenario is that customers who cannot run the service as an administrator or do a manual registry edit cannot use the functions around logging to event log. And I will make it possible to enable and disable the logging from the config.
Admin user and registry edit are known ways for me, but as stated something I was trying to avoid. But that is, as it seems, not possible according to my criteria this time.
Answer by seva titov
By default, any authenticated user is able to write to the application event log. However, only administrators can create new event Sources. If all event Sources are known at the service installation time, I recommend registering those sources ahead of time, then you will be all set up. Registering is a simple call to EventLog.CreateEventSource.
If you need more flexibility on event sources, you can customize permissions. Those defaults could be customized by tweaking a registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
A process described in this KB Article. A wevtutil tool, which is part of the OS, available on Server 2008 and above, makes it a bit easier than going through regedit.

