473,561 Members | 3,803 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

"Permission denied" error while calling WSH's LogEvent method

I am having "Permission denied" error while calling
LogEvent method of WScript.Shell component.
Basically, ASP page calls Windows Script Host Shell
component to log events to the OS Application Event log.

My environment:
Windows Server 2003, IIS 6, WSH, Classic ASP, Vbscript

Below is the code and the error:
Code:
*************** *************** ****
call LogEvent(0, "some text")

Function LogEvent(intEve ntType, strEventMessage )
Set objWshShell = Server.CreateOb ject("WScript.S hell")
call objWshShell.Log Event(intEventT ype, strEventMessage )
Set objWshShell = Nothing
End Function
*************** *************** ****
Error:
*************** *************** ****
Microsoft VBScript runtime error '800a0046'
Permission denied
*************** *************** ****

I made the change below based on 301309 KB article to no
avail.

"...Set the following Registry key to 0 instead of 1, and
then restart your computer for the changes to take effect.
HKLM\System\Cur rentControlSet\ Services\EventL og\Application
Name: RestrictGuestAc cess
Type: REG_DWORD"

I guess Windows Server 2003 configuration is a reason for
the error. Everything worked fine on Win2K server with IIS
5.0

Jul 19 '05 #1
3 19142
Use regedt32, navigate to the same place, right-click the EventLog node,
select Permissions... and make sure IUSR_(your_mach ine_name) has explicit
access.
"Yitzhak" <an*******@disc ussions.microso ft.com> wrote in message
news:03******** *************** *****@phx.gbl.. .
I am having "Permission denied" error while calling
LogEvent method of WScript.Shell component.
Basically, ASP page calls Windows Script Host Shell
component to log events to the OS Application Event log.

My environment:
Windows Server 2003, IIS 6, WSH, Classic ASP, Vbscript

Below is the code and the error:
Code:
*************** *************** ****
call LogEvent(0, "some text")

Function LogEvent(intEve ntType, strEventMessage )
Set objWshShell = Server.CreateOb ject("WScript.S hell")
call objWshShell.Log Event(intEventT ype, strEventMessage )
Set objWshShell = Nothing
End Function
*************** *************** ****
Error:
*************** *************** ****
Microsoft VBScript runtime error '800a0046'
Permission denied
*************** *************** ****

I made the change below based on 301309 KB article to no
avail.

"...Set the following Registry key to 0 instead of 1, and
then restart your computer for the changes to take effect.
HKLM\System\Cur rentControlSet\ Services\EventL og\Application
Name: RestrictGuestAc cess
Type: REG_DWORD"

I guess Windows Server 2003 configuration is a reason for
the error. Everything worked fine on Win2K server with IIS
5.0

Jul 19 '05 #2
I changed registry permissions for Eventlog based on your
recommendation. Internet Guest Account has now Full
Control.

I am getting the same error...

-----Original Message-----
Use regedt32, navigate to the same place, right-click the EventLog node,select Permissions... and make sure IUSR_ (your_machine_n ame) has explicitaccess.
"Yitzhak" <an*******@disc ussions.microso ft.com> wrote in messagenews:03******* *************** ******@phx.gbl. ..
I am having "Permission denied" error while calling
LogEvent method of WScript.Shell component.
Basically, ASP page calls Windows Script Host Shell
component to log events to the OS Application Event log.

My environment:
Windows Server 2003, IIS 6, WSH, Classic ASP, Vbscript

Below is the code and the error:
Code:
*************** *************** ****
call LogEvent(0, "some text")

Function LogEvent(intEve ntType, strEventMessage )
Set objWshShell = Server.CreateOb ject ("WScript.Shell ") call objWshShell.Log Event(intEventT ype, strEventMessage ) Set objWshShell = Nothing
End Function
*************** *************** ****
Error:
*************** *************** ****
Microsoft VBScript runtime error '800a0046'
Permission denied
*************** *************** ****

I made the change below based on 301309 KB article to no
avail.

"...Set the following Registry key to 0 instead of 1, and then restart your computer for the changes to take effect. HKLM\System\Cur rentControlSet\ Services\EventL og\Application Name: RestrictGuestAc cess
Type: REG_DWORD"

I guess Windows Server 2003 configuration is a reason for the error. Everything worked fine on Win2K server with IIS 5.0

.

Jul 19 '05 #3
After a call into Microsoft's PSS, this issue was identified as a bug
and a KB article should be out soon to address this. (After it goes
through the KB group, this will be said to be a feature I'm sure.)

While I was able to write to the event log when logged in as the IUSR
acct via a VBS script, I was not able to write to the event log via
ASP using virtually the same exact script. So, if MS later claims
that this is not a bug, that would be bogus IMO. Anyway, I did as
suggested in this article and it worked. I suggest to Microsoft to
make these security setting available in the Event Viewer in their
next service pack.

The work-around was actually published in an article by Michael Howard
last June:

"Developmen t Impacts of Security Changes in Windows Server 2003"
http://msdn.microsoft.com/library/en...re06122003.asp
Here is the section of interest in that article:

-------------------------------------------------------------
Tighter ACLs on Event Logs

We also tightened up the ACLs on the event logs to restrict what
accounts can read and write to the logs. Better still, the security of
each log is configured locally through the values in the following
registry key:

HKEY_LOCAL_MACH INE\System\Curr entControlSet\S ervices\Eventlo g

For example, the Application log Security Descriptor is configured
through the following registry value:

HKEY_LOCAL_MACH INE\System\Curr entControlSet\S ervices\Eventlo g\Application\C ustomSD

And the System log Security Descriptor is configured through the
following:

HKEY_LOCAL_MACH INE\System\Curr entControlSet\S ervices\Eventlo g\System\Custom SD

The Security Descriptor for each log is specified by using Security
Descriptor Definition Language (SDDL) syntax. The following is an
example from the Application event log:

O:BAG:SYD:(D;;0 xf0007;;;AN)(D; ;0xf0007;;;BG)( A;;0xf0007;;;SY )(A;;0x7;;;BA)
(A;;0x7;;;SO)(A ;;0x3;;;IU)(A;; 0x3;;;SU)(A;;0x 3;;;S-1-5-3)

This string means:

Entry Meaning
O:BA Object owner is Built-in Admin (BA).
G:SY Primary group is System (SY).
D: This is a DACL, rather than an audit entry or SACL.
(D;;0xf0007;;;A N) Deny Anonymous (AN) all access.
(D;;0xf0007;;;B G) Deny Built-in Guests (BG) all access.
(A;;0xf0005;;;S Y) Allow System Read and Clear, including DELETE,
READ_CONTROL, WRITE_DAC, and WRITE_OWNER (indicated by the 0xf0000).
(A;;0x7;;;BA) Allow Built-in Admin READ, WRITE and CLEAR.
(A;;0x7;;;SO) Allow Server Operators READ, WRITE and CLEAR.
(A;;0x3;;;IU) Allow Interactive Users READ and WRITE.
(A;;0x3;;;SU) Allow Service accounts READ and WRITE.
(A;;0x3;;;S-1-5-3) Allow Batch accounts (S-1-5-3) READ and WRITE.

The specific event log access mask bits are:

0x0001 ELF_LOGFILE_REA D Permission to read log files.
0x0002 ELF_LOGFILE_WRI TE Permission to write log files.
0x0004 ELF_LOGFILE_CLE AR Permission to clear log files.

The only time you should see a failure in your application when
writing to the event log is because of an ACL issue. Please do not
relax the ACL too much. Add your own ACE to the SDDL string and then
restart the Event Log service. For example, if your process runs under
an account MyAccount, that has the SID
S-1-5-21-853885456-2109860151-3743179773-1190, and you want the
process to write to the Application log, simply add this string to the
SDDL string in the registry:

(A;;0x2;;; S-1-5-21-853885456-2109860151-3743179773-1190)
-------------------------------------------------------------
NOTE: You will need to get the SID of the IUSR account to apply this
work-around ... I used this script which I scraped from another usenet
posting:

[GetUserSID.vbs]
-------------------------------------------------------------
Dim ArgObj, strComputer, Account

Set ArgObj = WScript.Argumen ts

If ArgObj.Count < 1 or ArgObj.Count >2 Then
DisplayHelpMess age
WScript.Quit (GENERAL_FAILUR E)
End If

Select Case ArgObj.Count
Case 1
strComputer = "."
Account = argObj(0)
Case 2
strComputer = argObj(0)
Account = argObj(1)
End Select
On Error Resume Next

Dim objWMIService, colItems, objItem
Set objWMIService = GetObject("winm gmts:\\" & strComputer &
"\root\cimv 2")
Set colItems = objWMIService.E xecQuery("Selec t * from Win32_Account
where Name = '" & Account & "'" )
For Each objItem in colItems
Wscript.Echo
Wscript.Echo " Account: " & objItem.Caption
Wscript.Echo " SID: " & objItem.SID
Wscript.Echo "Descriptio n: " & objItem.Descrip tion
Wscript.Echo
Next

' ----------------------------------------

Sub DisplayHelpMess age()
WScript.Echo "INVALID ARGUMENTS" & vbCrLf
WScript.Echo "Purpose: to obtain SID from the account name"
WScript.Echo " Usage: " & UCase(WScript.S criptName) & "
[computer_name] account_name" & vbCrLf
End Sub
-------------------------------------------------------------

I hope that helps!


<an*******@disc ussions.microso ft.com> wrote in message news:<01******* *************** ******@phx.gbl> ...
I changed registry permissions for Eventlog based on your
recommendation. Internet Guest Account has now Full
Control.

I am getting the same error...

-----Original Message-----
Use regedt32, navigate to the same place, right-click the

EventLog node,
select Permissions... and make sure IUSR_

(your_machine_n ame) has explicit
access.
"Yitzhak" <an*******@disc ussions.microso ft.com> wrote in

message
news:03******* *************** ******@phx.gbl. ..
I am having "Permission denied" error while calling
LogEvent method of WScript.Shell component.
Basically, ASP page calls Windows Script Host Shell
component to log events to the OS Application Event log.

My environment:
Windows Server 2003, IIS 6, WSH, Classic ASP, Vbscript

Below is the code and the error:
Code:
*************** *************** ****
call LogEvent(0, "some text")

Function LogEvent(intEve ntType, strEventMessage )
Set objWshShell = Server.CreateOb ject ("WScript.Shell ") call objWshShell.Log Event(intEventT ype, strEventMessage ) Set objWshShell = Nothing
End Function
*************** *************** ****
Error:
*************** *************** ****
Microsoft VBScript runtime error '800a0046'
Permission denied
*************** *************** ****

I made the change below based on 301309 KB article to no
avail.

"...Set the following Registry key to 0 instead of 1, and then restart your computer for the changes to take effect. HKLM\System\Cur rentControlSet\ Services\EventL og\Application Name: RestrictGuestAc cess
Type: REG_DWORD"

I guess Windows Server 2003 configuration is a reason for the error. Everything worked fine on Win2K server with IIS 5.0

.

Jul 19 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
6093
by: Noozer | last post by:
The following javascript code generates an "Access denied" error at the indicated line. This sample should allow the user to click "Browse" and choose a file. Once the user has selected a file the form is automatically submitted. I'm trying to avoid having seperate browse and submit actions. Can someone explain why I'm getting the error...
3
6483
by: Robert Oschler | last post by:
I have a Javascript bookmarklet that people want to add to their bookmarks. In Win 2k and below, addToFavorites() works fine. In Windows XP it generates a permission error and does nothing except show the "javascript error" icon in the lower left hand corner of Internet Explorer. My questions: - Is there a way to do this that works with...
12
2952
by: Vlad de Mille IV | last post by:
Well, as the subject says.... Briefly, when I try to run *any* wizard, I get a simple dialog, stating "Permission Denied", to which I can only click "OK". I suspect this is a windows (XP) problem rather than an actual Access one, as the error only occurs in my power user (and any other) account. It goes away if I am logged on (to windows)...
0
1441
by: Brian Call | last post by:
We have a customer that is getting an "Access is denied" (to a specific dll in the application's bin directory) error on XP when trying to run an ASP.NET application. All the posts and KB articles I have read (such as http://support.microsoft.com/default.aspx?scid=kb;en-us;329065) say that this happens when indexing service is running. But in...
0
3884
by: matsla | last post by:
I have followed all guide lines to set up remote debugging but is it possible to do cross-domain remote debugging? I use same account/password on both computers (XP => 2003), added users to debug group, change DCOM security etc. I get following error in the event log when try to start the remote debugging Visual Studio 2003... DCOM...
4
9747
by: Russell Warren | last post by:
I've been having a hard time tracking down a very intermittent problem where I get a "permission denied" error when trying to rename a file to something that has just been deleted (on win32). The code snippet that gets repeatedly called is here: ... if os.path.exists(oldPath): os.remove(oldPath) os.rename(newPath, oldPath)
1
5119
by: srivatsans101 | last post by:
Hi, I'm trying to access the IFrame contents on a HTML page as frames.document But in IE, I'm getting Access Denied Error Message. I tried to add the IFrame's Src WebSite (a local/intranet hosted dynamic HTML page) to Trusted Sites list in IE Options.
6
4577
by: =?Utf-8?B?UGF1bA==?= | last post by:
I am getting an "Access to the path "xxxx" is denied error. I believe is because the file that I am writing to programatically is being read/written to by another end user. These files have the same file name and must have the same file name. I am essentially overwrite an existing file that is being used by another user. My question: Is...
1
1888
by: =?Utf-8?B?SkI=?= | last post by:
Greetings, I am getting an "Access is denied" Error when calling objects from the AdminIndexServerClass from an ASP.NET application. I use this object to perform a simple rescan on a Catalog after file are save to the local disk. This only works if the users belongs to the local Admin group. The the web site is setup to use Integrated Windows...
0
7570
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7859
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7618
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
1
5472
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5187
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3617
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3600
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2068
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1181
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.