Thursday 1 May 2014

Add User permissions for EventSource Registry - PowerShell

I had to create 10 event sources in the registry and add 4 different levels of permission for each event source. This is an easy manual task when you only need to do it on one server.

What if you need to do a similar job for 10 different servers? I presume a deployment engineer would take a minimum of 1 hour to do this task, don't you think?


Here is another way to reduce the time: write a PowerShell script.


-------------------------------------------------------------------------------------------------------------------------------

# Ask which environment this server belongs to (Read-Host appends the colon itself).
$userInput = Read-Host "Enter the Environment (DEV / SYS)"

# Adds an Allow rule for $Principal on the registry key of an Application-log event source.
function AddEventPermissions([string]$Principal, [string]$LogName)
{
    $LogPath = "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Application\" + $LogName
    if (Test-Path $LogPath)
    {
        $acl = Get-Acl -Path $LogPath
        # FullControl gives the principal every right on the key, including changing its permissions.
        $access = [System.Security.AccessControl.RegistryRights]"FullControl"
        $inheritance = [System.Security.AccessControl.InheritanceFlags]"ObjectInherit,ContainerInherit"
        $propagation = [System.Security.AccessControl.PropagationFlags]"None"
        $type = [System.Security.AccessControl.AccessControlType]"Allow"

        $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Principal,$access,$inheritance,$propagation,$type)
        $acl.AddAccessRule($rule)

        # Write the modified ACL back to the key.
        Set-Acl -Path $LogPath -AclObject $acl
    }
    else
    {
        Write-Error "Cannot access log $LogName"
    }
}

$AppGroup = ''

# Map the chosen environment to the account that needs access.
if ($userInput -eq "DEV")
{
    $AppGroup = 'Domain\DEVUserAccount'
}
elseif ($userInput -eq "SYS")
{
    $AppGroup = 'Domain\SYSUserAccount'
}
else
{
    Write-Error "Please select required Environment to Add event log permissions."
}

# Only touch the ACL when a valid environment was selected.
if ($AppGroup -ne '')
{
    try
    {
        AddEventPermissions $AppGroup 'MYEventLogSource'
    }
    catch [System.Management.Automation.RuntimeException]
    {
        # $( ) is required so the method call is evaluated inside the string.
        Write-Error "Error while adding permissions: $($_.Exception.ToString())"
    }
}
---------------------------------------------------------------------------------------------
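
The script above grants FullControl to one account on one event source. The following is an added example, not part of the original script: it applies a table of grants with narrower rights to every listed source and reads each ACL back to confirm the result. The principals `Domain\AppService` and `Domain\AppOperator` and the rights assigned to them are assumptions chosen for illustration.

```powershell
# Added example. Source names, principals and rights below are placeholders.
$Sources = @('MYEventLogSource')            # list every event source here
$Grants  = @(
    @{ Principal = 'Domain\AppService';  Rights = 'ReadKey, SetValue' }   # hypothetical
    @{ Principal = 'Domain\AppOperator'; Rights = 'ReadKey' }             # hypothetical
)

function Set-EventSourceAcl {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [Parameter(Mandatory = $true)][hashtable[]]$Grants
    )
    $path = "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Application\$LogName"
    if (-not (Test-Path -Path $path)) {
        Write-Error "Event source key not found: $path"
        return
    }

    $acl = Get-Acl -Path $path
    foreach ($g in $Grants) {
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $g.Principal,
            [System.Security.AccessControl.RegistryRights]$g.Rights,
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit',
            [System.Security.AccessControl.PropagationFlags]'None',
            [System.Security.AccessControl.AccessControlType]'Allow')
        # SetAccessRule replaces the principal's existing explicit Allow rules,
        # so re-running the script does not accumulate rights.
        $acl.SetAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl

    # Read the ACL back and report what is actually in force for each grant.
    # Assumes principals are written in the DOMAIN\name form that Get-Acl returns.
    $explicit = (Get-Acl -Path $path).Access | Where-Object { -not $_.IsInherited }
    foreach ($g in $Grants) {
        $want = [System.Security.AccessControl.RegistryRights]$g.Rights
        $hit  = $explicit | Where-Object {
            $_.IdentityReference.Value -eq $g.Principal -and
            $_.AccessControlType -eq 'Allow' -and $_.RegistryRights -eq $want
        }
        [pscustomobject]@{
            Source = $LogName; Principal = $g.Principal
            Rights = $want;    Applied   = [bool]$hit
        }
    }
}

foreach ($s in $Sources) { Set-EventSourceAcl -LogName $s -Grants $Grants }
```

Run it from an elevated session, since writing ACLs under HKLM requires administrative rights; any row with `Applied` set to `False` marks a grant that did not take effect.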


Drop a comment if this article helped you solve your problem. You can reach me at raj.webjunky@yahoo.com