UAC and IISLogs 4.0

Configuring IISLogs 4.0 to work with UAC (User Account Control)

Download IISLogs 4.0 Registry files

You tube Video
Install and Configure IISLogs 4.0 with UAC enabled – Windows 2012 R2

This article covers how to use IISLogs 4.0 while UAC (UAC Account Control) is enabled.  UAC provides additional security.  IISlogs 4.0 will work when one of the following options is implemented.  For more information about UAC, click here.

IISLogsEXE Stand-Alone EXE uses a configuration file called IISLogsEXE.exe.config, IISLogsSVC Windows Service uses IISLogsSVC.exe.config.  Both programs use a file called IISLogspPerDirectory.xml, which stores Per Directory information.  IISLogsGUI is used to strictly manage these files.  When UAC is enabled, you’ll need to select “Run as Administrator” when launching IISLogsGUI.

When you first install IISLogs, then launch IISLogsGUI, a feature called “Easy Config” checks for a file called QuickWizardComplete.txt located InstallDir\Logs\QS\.  Our intention is present a Quick Config when first configuring IISLogs.  Easy Config reads the local IIS Metabase (Requires the IIS 6 Metabase Compatiblity Role Service be installed), which retrieves a list of sites.   The “Easy Config” wizard walks through common configuration items.  After “Easy Config” is complete, IISLogsGUI writes to the QuickWizardComplete.txt file.  Easy Config can be used in future instances within IISLogsGUI, but won’t be presented when using IISLogsGUI.

UAC (user account control) prevents access reading or writing to the registry unless using elevated permissions.  If you are trying to configure IISLogs using the default UAC, you’ll get some unexpected behavior including errors.   I’ve tried to highlight the reason why along with screenshots.    These symptoms and errors occur right after installing either IISLogsEXE or IISLogsSVC and running IISLogsGUI.

Assuming you have websites configured on your server, the QuickConfig wizard will not display any sites, here is a screen shot.  This is because IISLogsGUI can’t read the metabase.   To get by this issue, click cancel twice to get IISLogsGUI to display.  Relaunch IISLogsGUI using the “Run As Administrator” option.

After you have clicked cancel twice, IISLogsGUI will come up.  When you try to configure any settings, an error will be displayed.   There is a few things happening, 1) Access to Write to configuration files mentioned above is denied 2) IISLogsGUI can’t write to the “Logs” folder under InstallFolder\IISLogsSVC4 or InstallFolder\IISLogsEXE4.

At this point, IISLogs is not in a very usable state.  Many features such as “Auto-Add” will not function because access to Metabase is denied.  Other functionality will be restricted as well.

Here are a few options.  Before proceeding with any of the options listed, we strongly recommend you perform your testing in a non-production to determine the best settings.

Add to Registry

1) Our recommended approach is add IISLogs processes to the AppCompatFlags registry key.  This allows programs to run under Administrator Privileges.   The only thing added to the system is multiple registry keys.  This can be either done manually or using Group Policy.  We’ve included the registry entries that need to be added.  We’ve provide sample registry files within the setup files when IISLogs is downloaded.  Please view the install location before adding to your machine.

For IISLogs 4.0 IISLogs StandAlone Exe

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
“C:\\Program Files (x86)\\IISLogsEXE4\\IISLogsGUI.exe”=”RUNASADMIN”
“C:\\Program Files (x86)\\IISLogsEXE4\\IISLogsEXE.exe”=”RUNASADMIN”

For IISLogs 4.0 Service edition

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
“C:\\Program Files (x86)\\IISLogsSVC4\\IISLogsSVC.exe”=”RUNASADMIN”
“C:\\Program Files (x86)\\IISLogsSVC4\\IISLogsGUI.exe”=”RUNASADMIN”

2) You can disable UAC on the system all together.   Depending on your company policies, if UAC is disable IISLogs 4.0 will act as normal.

If you have any further questions, errors that are occurring regarding UAC.  Please contact us at info@iislogs.com

Thank you,

Steve Schofield
Windows Server MVP – IIS
http://www.iislogs.com/steveschofield

http://www.IISLogs.com
Log Archival Solution.
Install, Configure, Forget