Monday, December 1, 2008

Event Log access permissions for ASP.NET application pools

When running an application pool in IIS under a different user than the default, for an application that requires write access to the Event Log (for example, when trying to create a new event source in your application), it is necessary to grant that user sufficient access to the event log in the registry. Otherwise, you would receive the following error:

System.Security.SecurityException: Requested registry access is not allowed.

However, using Windows 2003 Server, I found that granting ‘read’ access to the event log wasn’t enough; the full set of permissions I ended up need to grant to the app pool user on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog key in the registry is as follows:

Permissions for event log access in IIS

I hope that this helps someone.

posted by Nick at 7:43 pm - filed in windows