System.Diagnostics.EventLogPermission Class

Controls code access permissions for event logging.

See Also: EventLogPermission Members


public sealed class EventLogPermission : System.Security.Permissions.ResourcePermissionBase


Do not grant System.Diagnostics.EventLogPermission to partially trusted code. The ability to read and write the event log enables code to perform actions such as issuing event log messages in the name of another application.


If the event source that is specified by the EventLog.Source property for the event log does not exist, a new event source is created. To create an event source in Windows Vista and later versions of Windows, or Windows Server 2003, you must have administrative privileges.

The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a System.Security.SecurityException is thrown.

Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.


Namespace: System.Diagnostics
Assembly: System (in System.dll)
Assembly Versions: 1.0.3300.0, 1.0.5000.0,,