CreateEventSource generates exception even under Admin account

Question

I am running this code under an account that is an Administrator:

if (EventLog.Exists("AppName") == false)
    EventLog.CreateEventSource("AppName", "Application");  // exception here

It throws a SecurityException:

"The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security."

I can write events to the EventLog without doing this but it includes this crappy looking text in the log:

"The description for Event ID 0 from source Application cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer."

What am I missing?

Answer 1

I don't know if this is the best way to handle the problem but it works and I couldn't find a better solution:

// ---- Create Event Log Source ---------------------------------
//
// returns True if is it created or already exists.
//
// Only administrators can create event logs.

static public bool CreateEventLogSource()
{
    System.Diagnostics.Debug.WriteLine("CreateEventLogSource....");

    try
    {
        // this call is looking for this RegKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\<app Name>
        if (EventLog.SourceExists(Application.ProductName))
        {
            System.Diagnostics.Debug.WriteLine("Log exists, returning true.");
            return true;
        }
    }
    catch (System.Security.SecurityException)
    {
        // it could not find the EventLog Source and we are not admin so this is thrown 
        // when it tries to search the Security Log. 
        // We know it isn't there so ignore this exception
    }

    System.Diagnostics.Debug.WriteLine("EventLog Source doesn't exist....try to create it...");

    if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
    {
        System.Diagnostics.Debug.WriteLine("Running as Admin....trying to create....");
        try
        {
            EventLog.CreateEventSource(Application.ProductName, "Application");

            System.Diagnostics.Debug.WriteLine("Successfully create EventLogSource");
            return true;
        }
        catch (Exception Exp)
        {
            MessageBox.Show("Error Creating EventLog Source: " + Exp.Message, Application.ProductName);
            return false;
        }
    }
    else
    {
        System.Diagnostics.Debug.WriteLine("Need to restart with admin roles");

        ProcessStartInfo AdminProcess = new ProcessStartInfo();
        AdminProcess.UseShellExecute = true;
        AdminProcess.WorkingDirectory = Environment.CurrentDirectory;
        AdminProcess.FileName = Application.ExecutablePath;
        AdminProcess.Verb = "runas";

        try
        {
            Process.Start(AdminProcess);
            return false;
        }
        catch
        {
            MessageBox.Show("The EventLog source was NOT created", Application.ProductName);
            // The user refused to allow privileges elevation.
            return false;
        }
    }
}

Called here:

static void Main(string[] args)
{
     if (CreateEventLogSource() == false)
          return;