I have a server running Windows 2003 R2 Enterprise Ediditon with Service Pack 2. I reset the Application Event Log Retention policy within EventVwr (right-click on Application, click the radio button next to "Overwrite events as needed".) A few hours later, somehow this setting got reset to "Overwrite events older than 7 days." This happened several times, so I started up RegMon to monitor what was changing this setting. The setting is located at HKLM\System\CurrentControlSet\Services\EventLog\Applicatin\Retention. I found out that services.exe is changing this setting on a regular basis. Can anyone tell me why services.exe would be automatically changing the Event Log retention policy, and how I can make it stop doing that?
Why is services.exe changing the Event Log retention policy
event-log
Related Solutions
To give Network Service
read permission on the EventLog/Security
key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx
- Open the Registry Editor:
- Select
Start
thenRun
- Enter
regedt32
orregedit
- Select
Navigate/expand to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
Right click on this entry and select Permissions
Add the
Network Service
userGive it Read permission
UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.
I am using PowerShell function (calling in Octopus Deploy.ps1)
function Create-EventSources() {
$eventSources = @("MySource1","MySource2" )
foreach ($source in $eventSources) {
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
[System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
}
}
}
A little modification made it for me.. Base recipe is as follows, you might need to add/modify some more to fit your needs.
$ ~ > cp $DJANGO_PATH/utils/translation/ myproject/utils/ -a
and make the modifications given below:
$ ~ > diff $DJANGO_PATH/utils/translation/trans_real.py myproject/utils/translation/trans_real.py -u --- utils/translation/trans_real.py Wed Jan 20 05:07:46 2010 +++ myproject/utils/translation/trans_real.py Wed Jan 20 04:51:39 2010 @@ -435,6 +435,9 @@ endblock_re = re.compile(r"""^\s*endblocktrans$""") plural_re = re.compile(r"""^\s*plural$""") constant_re = re.compile(r"""_\(((?:".*?")|(?:'.*?'))\)""") +jinja_block_re = re.compile(r"""^\s*trans(?:\s+|$)""") +jinja_endblock_re = re.compile(r"""^\s*endtrans$""") def templatize(src): """ @@ -451,7 +454,7 @@ for t in Lexer(src, None).tokenize(): if intrans: if t.token_type == TOKEN_BLOCK: - endbmatch = endblock_re.match(t.contents) + endbmatch = jinja_endblock_re.match(t.contents) pluralmatch = plural_re.match(t.contents) if endbmatch: if inplural: @@ -485,7 +488,7 @@ else: if t.token_type == TOKEN_BLOCK: imatch = inline_re.match(t.contents) - bmatch = block_re.match(t.contents) + bmatch = jinja_block_re.match(t.contents) cmatches = constant_re.findall(t.contents) if imatch: g = imatch.group(1) $ ~ > cp $DJANGO_PATH/core/management/commands/makemessages.py myproject/myapp/management/commands/ $ ~/myproject/ > diff $DJANGO_PATH/core/management/commands/makemessages.py main/management/commands/makemessages.py -u --- /usr/lib/python2.5/site-packages/django/core/management/commands/makemessages.py Wed Jan 20 05:08:37 2010 +++ main/management/commands/makemessages.py Wed Jan 20 05:28:41 2010 @@ -56,7 +56,7 @@ else: settings.configure(USE_I18N = True) - from django.utils.translation import templatize + from myproject.utils.translation import templatize if os.path.isdir(os.path.join('conf', 'locale')): localedir = os.path.abspath(os.path.join('conf', 'locale'))
then calling make messages as follows does the trick
$ ~/myproject/ > ./manage.py mymakemessages -l $LANGUAGE -e .jinja -v 2
my templates are named as templ_name.jinja, you'll need to replace .jinja in the command above with whatever extension you use for your template names.
Best Answer
The usual cause for this would be that the machine is part of a domain and Group Policy is being pushed down and applied by something running within services.exe.
That said - you'd probably be better asking this question at serverfault.com =)