Saturday, October 06, 2012 1:17 PM
I am writing a script with custom delegation to write an event in application logs.
I want a specific group members to write into application log, I tried a lot using SSDL string manipulation but no go, still getting access denied error.
I have added that particular group with read/write access on C:\Windows\system32\winevt\LogsHKLM\System\CurrentControlSet\
Edit/Create a new string value called CustomSD.
Tried using wevtutil and changed the channelAccess entry and tried to import but its also failing. Tried GPO method to modify Sceregvl.inf file but still same error and if i dump the SSDL i can't see that group SID added to channelAccess entry (wevtutil gl application >ca.txt).
wevtutil sl Application /
ca:O:BAG:SYD:(A;;0xf0007;;;SY)( A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0 x3;;;IU)(A;;0x3;;;SU)(A;;0x3;; ;S-1-5-3)(A;;0x3;;;S-1-5-33)(A ;;0x1;;;S-1-5-32-573)(A;;0×3;; ;<GroupSID>)
Here is the code snippet.
$Date = get-date
$Edate = $Date.AddMinutes($TimeInterval
$Interval = ($Edate-$Date).TotalMinutes
$CurrentUser = [System.Security.Principal.Win
$Message = "Maintenance Mode: ON for " + $Interval + " minutes: " + $Interval + " . Turned on by:`r`n`r`n" + $CurrentUser
$WSH = New-Object -com WScript.Shell
Is there anything I am missing? NOTE: I am using PSRemoting to write these events but I tried locally as will without any success. Any help or pointers will be appreciated.
- Edited by P-R Saturday, October 06, 2012 1:18 PM
Saturday, October 06, 2012 1:31 PM
Please post this in the scripting forums
- Edited by Syed KhairuddinMVP Saturday, October 06, 2012 1:31 PM
- Proposed As Answer by Arthur_LiMicrosoft Contingent Staff, Moderator Monday, October 08, 2012 8:35 AM
- Marked As Answer by Santosh BhandarkarMicrosoft Community Contributor, Moderator Wednesday, October 10, 2012 3:42 AM
Saturday, October 06, 2012 1:39 PMThanks Sayed, though I thought its more a permission issue than script. That's why I posted it here.
- Edited by P-R Saturday, October 06, 2012 1:41 PM