I'm attempting to set a non-admin up with the ability to write events to the Application log via PowerShell remotely. Remoting works, I can read the registry, etc. Just not write to the event log.
invoke-command -ComputerName myhost { write-eventlog -LogName Application -Source CMS -EntryType Information -EventID 200 -Message "Testing CMS event" }
The error is
The registry key for the log "Application" for source "CMS" could not be opened.
+ CategoryInfo : PermissionDenied: (:) [Write-EventLog], Exception
+ FullyQualifiedErrorId : The registry key for the log "Application" for source "CMS" could not be opened.,Microsoft.PowerShell.Commands.WriteEventLogCommand
The fix of changing the registry rights described doesn't work, and I can actually iterate the registry as the non-admin user without issue:
invoke-command -ComputerName myhost { Get-ChildItem "HKLM:\system\currentcontrolset\services\eventlog\application\" }
I've seen a number of old articles regarding this issue.
I have tried enabling auditing on this key (which shows no access) and using procmon on both the client machine. How do I get this working?
Best Answer
Ran into the same problem, modifying the permission using wevtutil.exe worked for me. Happy SDDL editing!
Writing to the Windows Event Log from an ASP.NET or ASP application fails.
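One way to make the wevtutil.exe SDDL change mentioned in the answer, as an added example that is not the answerer's own commands: it appends a write-only ACE (0x2) for a single account to the Application log's channel access descriptor instead of widening access for a broad group. It assumes an elevated session on the target host, that the CMS source is already registered, and that `CONTOSO\svc-cms` and the backup path are hypothetical placeholders.

```powershell
# Added example. Run elevated on the host that owns the log.
$LogName = 'Application'
$Account = 'CONTOSO\svc-cms'                      # hypothetical placeholder account
$Backup  = "$env:TEMP\$LogName-channelAccess.txt" # hypothetical backup location

# Resolve the account to its SID; SDDL ACEs reference SIDs, not names.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# Read the current security descriptor from "wevtutil gl <log>".
$current = $null
foreach ($line in (wevtutil.exe gl $LogName)) {
    if ($line -match '^\s*channelAccess:\s*(\S+)') { $current = $Matches[1]; break }
}
if (-not $current) { throw "No channelAccess value returned for log '$LogName'." }

# Keep a copy so the original descriptor can be restored with "wevtutil sl /ca:".
Set-Content -Path $Backup -Value $current

# Event log access mask bits: 0x1 = read, 0x2 = write, 0x4 = clear.
# Grant write only, to this one SID.
$ace = "(A;;0x2;;;$sid)"
if ($current.Contains(";;;$sid)")) {
    Write-Output "An ACE for $Account already exists; review it instead of adding another."
    return
}

# The ACE belongs in the DACL (D:). If a SACL (S:) follows, insert before it.
$saclStart = $current.IndexOf('S:')
$new = if ($saclStart -ge 0) { $current.Insert($saclStart, $ace) } else { $current + $ace }

wevtutil.exe sl $LogName "/ca:$new"
if ($LASTEXITCODE -ne 0) { throw "wevtutil sl failed with exit code $LASTEXITCODE." }

# Read the descriptor back and confirm the new ACE is present.
$applied = (wevtutil.exe gl $LogName) -match 'channelAccess:'
if ("$applied" -notlike "*$ace*") { throw 'New ACE not found after update.' }
Write-Output "Granted write (0x2) on '$LogName' to $Account ($sid)."
```

Re-run the original `invoke-command ... write-eventlog` test as the non-admin account afterwards to confirm the change took effect.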