EDN Admin
Well-known member
Hi,
Im attempting to read an event log on a remote machine and it dies with a message "Attempted to perform an unauthorized operation"
The code I am posting below is just part of the class. It does work if i am reading a local log. At runtime, Im passing setting the user to a local admin and Im passing the correct password.
<pre class="prettyprint /// <summary>
/// Returns a datatable of results from the event log
/// </summary>
/// <param name="dtItemsToCheck </param>
/// <param name="dtEventLog </param>
/// <returns></returns>
public dsChecklist.dtEventLogDataTable ReadEventLog(
string DomainName, string UserName, string MachineNameToQuery, string Password,
dsChecklist.dtEventLogItemsToCheckDataTable dtItemsToCheck,
dsChecklist.dtEventLogDataTable dtEventLog)
{
try
{
foreach (DataRow dr in dtItemsToCheck.Rows)
{
string strQuery = "*[System/EventID=" + dr["InstanceID"].ToString() + "]";
var elQuery = new EventLogQuery(dr["LogType"].ToString(), PathType.LogName, strQuery);
//Remote machine query assignment
System.Security.SecureString pw = new System.Security.SecureString();
//Set the secure string
char[] passwordChars = Password.ToCharArray();
foreach (char c in passwordChars)
{
pw.AppendChar(c);
}
//Build the info for the remote query session
EventLogSession session = new EventLogSession(
MachineNameToQuery,
DomainName,
UserName,
pw,
SessionAuthentication.Default);
//Assign session to current query
elQuery.Session = session;
var elReader = new EventLogReader(elQuery);[/code]
<br/>
The line that it throws the error on is:
<pre class="prettyprint var elReader = new EventLogReader(elQuery);[/code]
<br/>
Does anyone know<br/>
1. If there is a way to elevate the permissions programatically, and if so, how do you do that?
2. Is there a workaround by providing some advanced security setting through the local security policy?
Thanks!
Bob
<br/>
View the full article
Im attempting to read an event log on a remote machine and it dies with a message "Attempted to perform an unauthorized operation"
The code I am posting below is just part of the class. It does work if i am reading a local log. At runtime, Im passing setting the user to a local admin and Im passing the correct password.
<pre class="prettyprint /// <summary>
/// Returns a datatable of results from the event log
/// </summary>
/// <param name="dtItemsToCheck </param>
/// <param name="dtEventLog </param>
/// <returns></returns>
public dsChecklist.dtEventLogDataTable ReadEventLog(
string DomainName, string UserName, string MachineNameToQuery, string Password,
dsChecklist.dtEventLogItemsToCheckDataTable dtItemsToCheck,
dsChecklist.dtEventLogDataTable dtEventLog)
{
try
{
foreach (DataRow dr in dtItemsToCheck.Rows)
{
string strQuery = "*[System/EventID=" + dr["InstanceID"].ToString() + "]";
var elQuery = new EventLogQuery(dr["LogType"].ToString(), PathType.LogName, strQuery);
//Remote machine query assignment
System.Security.SecureString pw = new System.Security.SecureString();
//Set the secure string
char[] passwordChars = Password.ToCharArray();
foreach (char c in passwordChars)
{
pw.AppendChar(c);
}
//Build the info for the remote query session
EventLogSession session = new EventLogSession(
MachineNameToQuery,
DomainName,
UserName,
pw,
SessionAuthentication.Default);
//Assign session to current query
elQuery.Session = session;
var elReader = new EventLogReader(elQuery);[/code]
<br/>
The line that it throws the error on is:
<pre class="prettyprint var elReader = new EventLogReader(elQuery);[/code]
<br/>
Does anyone know<br/>
1. If there is a way to elevate the permissions programatically, and if so, how do you do that?
2. Is there a workaround by providing some advanced security setting through the local security policy?
Thanks!
Bob
<br/>
View the full article