Paladin and IIS 6.0 and System.Security.SecurityException

Posted Monday, July 10, 2006 12:37 PM by Shunjie
Recently I was migrating my website to a new local server, and once everything was up I did a test run and this error popped up:

System.Security.SecurityException: Requested registry access is not allowed.

What's wrong?

This error occurs if your application is trying to create an event log but does not have the necessary rights to do so. If you are using Paladin, this happens when Paladin is trying to create an Event Log.

I googled for about an hour before finding the right solution.

Around 80% of the solutions ask me to do the following, which I think has serious security implications:
1) Use System and Password = AutoGenerate in machine.config
2) Create a new user other than Network Service (the default account running the ASP.NET process) and then assign that user the rights to create an event log
3) Edit the registry to add permission to Network Service.


Finally, I found this link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000015.asp

The recommendation is that we DO NOT give the Network Service account the rights to create an Event Log; instead, we create the Event Log manually first.

Simply do the following to create a new Event Log. For Paladin users, this will solve the error. Note that the following steps are taken from MSDN.

1. Start the Registry Editor tool Regedit.exe.

2. Using the Application Event log, expand the outline list in the left panel to locate the following registry subkey.

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application

3. Right-click the Application subkey, point to New, and then click Key.

4. Type a new event source name for the key name (in this case, type Paladin) and press Enter.

Done!

Start > run > eventvwr.msc now and you should be able to see the event log named 'Paladin'. =)
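
The same steps as a script for an elevated PowerShell prompt, followed by a check that none of the workarounds listed earlier left Network Service with write access to the log key. This is an added example, not part of the original post or the MSDN article; it assumes the source name Paladin and the registry path shown in step 2.

```powershell
# Added example: run once, elevated, at deployment time.
# 'Paladin' and the Application log path are the values used in the post.
$source = 'Paladin'
$logKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application'
$srcKey = Join-Path $logKey $source

# 1. Create the event source key only if it is missing (same result as steps 1-4).
if (-not (Test-Path -Path $srcKey)) {
    New-Item -Path $srcKey | Out-Null
    Write-Output "Created $srcKey"
} else {
    Write-Output "$srcKey already exists"
}

# 2. Look for an Allow entry that lets NETWORK SERVICE (well-known SID S-1-5-20)
#    set values or create subkeys under the log key.
#    Only entries naming the account directly are checked; rights granted
#    through a group such as Users are not covered here.
$writeMask = [int]([System.Security.AccessControl.RegistryRights]::SetValue -bor
                   [System.Security.AccessControl.RegistryRights]::CreateSubKey)
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = (Get-Acl -Path $logKey).GetAccessRules($true, $true, $sidType)

$risky = $rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-20' -and
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.RegistryRights -band $writeMask) -ne 0
}

if ($risky) {
    Write-Warning "NETWORK SERVICE can write under $logKey; review this ACL."
} else {
    Write-Output "NETWORK SERVICE has no direct write access under $logKey."
}
```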

For Paladin, I have just been told that this is a known issue. Still, I suppose I'll put it here so that it's easier for others to reference next time. =)