UAC and IISLogs 2.0

Configuring IISLogs 2.0 to work with UAC (User Account Control)

Download Registry Files

This article covers how to use  IISLogs 2.0 while UAC (UAC Account Control) is enabled.  UAC was introduced with Vista and Windows Server 2008.   From questions we’ve seen from our clients, Windows 7 and Windows Server 2008 R2 appears to be implementing UAC more often.  For more information about UAC, click here.

IISLogsEXE Stand-Alone EXE and Service uses two configuration files, IISLogsEXE.exe.config, IISLogsSVC.exe.config.  A third file called SampleZipPerDirectory.xml stores Per Directory information.  IISLogsGUI is used strictly to manage these files.  When you first install IISLogs, then launch IISLogsGUI, a feature called “QuickConfig” checks for a registry entry in HKLM\Software\IISLogs. If the registry key is not present, our intention is to present a Quick Config” when first configuring IISLogs.  Quick Config reads the local IIS Metabase (The IIS 6 Metabase Compatibility role service is required to be installed), which retrieves a list of sites that can be managed.   The “Quick Config” wizard walks through common configuration items.  After “Quick Config” is complete, IISLogsGUI writes to the registry IISLogs is installed. QuickConfig can be used in future instances within IISLogsGUI, but won’t be presented when IISLogsGUI is used.   UAC (user account control) prevents access reading or writing to the registry unless using elevated permissions.  If you are trying to configure IISLogs using the default UAC, you’ll get some unexpected behavior including errors.   I’ve tried to highlight the reason why along with screenshots.    These symptoms and errors occur right after installing either IISLogsEXE or IISLogsSVC and running IISLogsGUI,

Assuming you have websites configured on your server, the QuickConfig wizard will not display any sites, here is a screen shot.  This is because IISLogsGUI can’t read the metabase.   To get by this issue, click cancel twice to get IISLogsGUI to display.

After you have clicked cancel twice, IISLogsGUI will come up.  When you try to configure any settings, an error will be displayed.   There is a few things happening, 1) Access to Write to configuration files mentioned above is denied 2) IISLogsGUI can’t write to the “Logs” folder under InstallFolder\IISLogsSVC2 or InstallFolder\IISLogsEXE2.

At this point, IISLogs is not in a very usable state.  Many features such as “Auto-Add” will not function because access to metabase is denied.  Other functionality will be restricted as well.

Here are a few options.  Before proceeding with any of the options listed, we strongly recommend you perform this in a non-production to determine the best settings.  This includes performing a backup of your registry.  http://support.microsoft.com/kb/322756

1) Manually add the IISLogs registry entry to let IISLogsGUI know it’s installed.  This will prevent the QuickConfig from coming up.

Create a file named IISLogsInstalled.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\IISLOGS]
“Installed”=”True”

2) Grant the Users local group ‘modify’ NTFS permissions on the InstallFolder\IISLogsSVC2 or InstallFolder\IISLogsEXE2 folder and all subfolders.  You will also need to grant Users ‘modify’ access on all folders you want IISLogs to process, including log folders.   By Default, IISLogs only grants Administrators and SYSTEM full control.   This would require adding USERS group to log files can be processed.  The reason is because IISLogs would run as a “normal” user needing permissions.

3) Our recommended approach is to add IISLogs processes to the AppCompatFlags registry key.  This allows programs to run under Administrator Privileges.   The only thing added to the system is multiple registry keys.  This can be either done manually or using Group Policy.

For IISLogs 2.0 IISLogs StandAlone Exe

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
“C:\\Program Files (x86)\\IISLogsEXE2\\IISLogsGUI.exe”=”RUNASADMIN”
“C:\\Program Files (x86)\\IISLogsEXE2\\IISLogsEXE.exe”=”RUNASADMIN”

For IISLogs 2.0 Service edition

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
“C:\\Program Files (x86)\\IISLogsSVC2\\IISLogsSVC.exe”=”RUNASADMIN”
“C:\\Program Files (x86)\\IISLogsSVC2\\IISLogsGUI.exe”=”RUNASADMIN”

4) You can disable UAC on the system all together.   Depending on your company policies, if UAC is disable IISLogs 2.0 will act as normal.

If you have any further questions, errors that are occurring regarding UAC.  Please contact us at info@iislogs.com

Thank you,

Steve Schofield
Windows Server MVP – IIS
http://www.iislogs.com/steveschofield

http://www.IISLogs.com
Log Archival Solution.
Install, Configure, Forget

Features

  • Supports running in UAC
  • Manage Logs from other products
  • Move ZIP files to remote central location
  • Windows Service or Console App Version
  • Zip Storage Preference ( Daily, Weekly, Monthly )
  • Per Directory
  • Supports unattended installs
  • many more features