Create a custom Security log event?
Is there any way to create a custom Security Log event using VBScript or PowerShell? Everything I've tried so far produces "Access Denied" errors (e.g. I've been testing the EventCreate command in a CMD prompt and write-eventlog in PowerShell, which have all failed so far. I've been testing the commands prior to attempting to get something similar to work in a script). (Note: running commands as System via a scheduled task to try and get past the Access Denied errors hasn't worked yet either.) Thanks!
January 28th, 2015 1:08am

You have to run elevated to access the security log with any tool.

January 28th, 2015 2:33am

I see you have tried to run it as System.

Maybe this will help understand the permissions required:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa363658%28v=vs.85%29.aspx

Can you write to other event logs? Can you post what you have for code so far?


  • Edited by CountryStyle Wednesday, January 28, 2015 1:08 AM
January 28th, 2015 4:05am

To start with, I was just trying to see if I could get a basic command to run successfully before spending the time to put it in code. For example, I set up a scheduled task to run as System, and run the following:

Powershell -Command "& {write-eventlog -logname Security -source Microsoft-Windows-Security-Auditing -eventID 777 -entrytype Information -message "Did-it-work?"}"

Running the task didn't result in any Security Events being created.  

If I try running that from an admin CMD prompt, I get the following:

C:\Windows\system32>powershell -Command "& {write-eventlog -logname Security -so
urce Microsoft-Windows-Security-Auditing -eventID 777 -entrytype Information -me
ssage "Did-it-work?"}"
write-eventlog : The registry key for the log "Security" for source
"Microsoft-Windows-Security-Auditing" could not be opened.
At line:1 char:4
+ & {write-eventlog -logname Security -source
Microsoft-Windows-Security-Auditing  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : PermissionDenied: (:) [Write-EventLog], Exception
    + FullyQualifiedErrorId : AccessDenied,Microsoft.PowerShell.Commands.Write
   EventLogCommand


January 31st, 2015 12:41am

I recommend learning how to read the error messages:

  + CategoryInfo          : PermissionDenied: (:) [Write-EventLog], Exception

You do not have permission. The security log is not an application log. Use the Application log for simple status logging.  The security log is for special things not including scripting.

January 31st, 2015 12:55am
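
The Application-log route suggested in the reply above, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or earlier (where the *-EventLog cmdlets exist); the source name CustomScriptAudit is hypothetical, and event ID 777 and the message are reused from the question.

```powershell
# Added example: write a custom event to the Application log instead of Security.
$LogName = 'Application'
$Source  = 'CustomScriptAudit'   # hypothetical source name, chosen for this example

# Registering a new event source writes under HKLM, so it needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# SourceExists() searches every log, including Security. In a non-elevated
# session it throws SecurityException when the source is not found, because
# the Security log cannot be read. Treat that case as "not registered yet".
try {
    $sourceExists = [System.Diagnostics.EventLog]::SourceExists($Source)
}
catch [System.Security.SecurityException] {
    $sourceExists = $false
}

if (-not $sourceExists) {
    if (-not $isAdmin) {
        throw "Source '$Source' is not registered. Run once from an elevated prompt."
    }
    # One-time registration of the source against the Application log.
    New-EventLog -LogName $LogName -Source $Source
}

# Same event ID, entry type and message as the command in the question,
# but aimed at a log that scripts are allowed to write to.
Write-EventLog -LogName $LogName -Source $Source -EventId 777 `
    -EntryType Information -Message 'Did-it-work?'

# Read the newest event from this source back to confirm the write.
Get-EventLog -LogName $LogName -Source $Source -Newest 1 |
    Format-List TimeGenerated, EntryType, EventID, Source, Message
```

Once the source has been registered from an elevated session, later Write-EventLog calls to it work without elevation.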

This topic is archived. No further replies will be accepted.
