Least privileged accounts, such as ASPNET, have sufficient permissions to be able to write records to the event log using existing event sources. However, they do not have sufficient permissions to create new event sources. To do this, you must place a new entry beneath the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\<log>
To avoid this issue, you can create event sources at installation time when administrator privileges are available. You can use a .NET installer class, which can be instantiated by the Windows Installer (if you are using .msi deployment) or by the InstallUtil.exe system utility if you are not. For more information about using event log installers , see Chapter 10, "Building Secure ASP.NET Web Pages and Controls."
If you are unable to create event sources at installation time, you must add permission to the following registry key and grant access to the ASP.NET process account or to any impersonated account if your application uses impersonation.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
At minimum, the account(s) must have the following permissions:
Query key value
Set key value
Create subkey
Enumerate subkeys
Notify
Read