My ASP.NET application needs to be able to write to the Windows event log and read from the Windows event log using WMI. I don't want the application account (currently NETWORK SERVICE) to be able to delete or modify event log entries.
Yeah, I know that a malicious user would still be able to clear the event log by flooding it until it rolls over, but I can live with that.
EDIT: Another way to put the question: is there any way I can have my app write to the Windows event log (Application, or a custom log) and know the log entries weren't subsequently tampered with by the application that wrote the log entry?
EDIT: If the solution requires using something other than the default NETWORK SERVICE account to run asp.net, that's good too.
I don't think you can get that granular on an event log. How about creating a custom event log for your app and logging to it?
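One way to do what this answer suggests in C#, as an added example that is not code from the question or the answers: the log name, source name and event IDs are assumed, the install step has to run once as an administrator (registering a source writes under HKLM), and reading back goes through the WMI class the question mentions. Which accounts may clear the custom log is an ACL on the log itself (set with `wevtutil sl <log> /ca:<SDDL>` on Vista and later), not something this code changes.

```csharp
using System;
using System.Diagnostics;
using System.Management;   // reference System.Management.dll

// Assumed names: custom log "MyAppAudit" with a single source "MyApp".
public static class AppAuditLog
{
    const string LogName = "MyAppAudit";
    const string Source = "MyApp";

    // Install-time step, run as an administrator, not by the web app.
    public static void Install()
    {
        if (!EventLog.SourceExists(Source))
            EventLog.CreateEventSource(new EventSourceCreationData(Source, LogName));

        // A generous size and retention so the log does not roll over quickly.
        using (var log = new EventLog(LogName))
        {
            log.MaximumKilobytes = 16384;                               // multiple of 64 KB
            log.ModifyOverflowPolicy(OverflowAction.OverwriteOlder, 30); // keep 30 days
        }
    }

    // Called by the running application (e.g. NETWORK SERVICE).
    // Writing only needs write access to the log; the app never calls EventLog.Clear().
    public static void Write(string message, EventLogEntryType type, int eventId)
    {
        EventLog.WriteEntry(Source, message, type, eventId);
    }

    // Read the custom log back through WMI (Win32_NTLogEvent), as the question asks.
    public static void DumpViaWmi()
    {
        string wql = "SELECT TimeGenerated, EventCode, SourceName, Message " +
                     "FROM Win32_NTLogEvent WHERE Logfile = '" + LogName + "'";
        using (var searcher = new ManagementObjectSearcher(wql))
        foreach (ManagementObject evt in searcher.Get())
        {
            Console.WriteLine("{0} {1} {2}: {3}",
                ManagementDateTimeConverter.ToDateTime((string)evt["TimeGenerated"]),
                evt["EventCode"], evt["SourceName"], evt["Message"]);
        }
    }
}
```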
Modifying the access rights of the NETWORK SERVICE account can potentially lead to Bad Things in the future. Even if it could be done in the way you want, at the very least it's another config step for any potential customer to do, and one that they may not be happy with. A golden rule is not to mess with built-in functionality.
In this case, NETWORK SERVICE writes other events from other apps and OS processes to the logs, and you don't want to break that, do you? I'm not trying to be rude here, but your app may not be the only one on the machine, so it needs to play nice.