Dmitry,

The problem *is* a security issue. We use the event log also and have tried several different ways to get the Event Source created programmatically. We finally decided on a Web Service web method, which can just be accessed through IE.It only needs to be done once. Here's the web method:

The line containing "Events.EventSources" is simply an Enum containing the names of EventSources we might use in our app. If you only have one, then you can just get rid of that whole foreach loop and just hardcode the name of your source in the if.

[WebMethod(Description = "Set server Event Log sources.")]
public string SetEventLogSources(string Username, string Password, string Domain)
{
	//This will keep track of the impersonation token
	const int LOGON_TYPE_INTERACTIVE = 2;
	const int LOGON_TYPE_PROVIDER_DEFAULT = 0;
	string logName = "Application";
	IntPtr userToken = IntPtr.Zero;

	if (LogonUser(Username, Domain, Password, LOGON_TYPE_INTERACTIVE, LOGON_TYPE_PROVIDER_DEFAULT, ref userToken))
		{
		//Initialize user token 
		WindowsIdentity oIdentity = new WindowsIdentity(userToken);
		WindowsImpersonationContext oContext = oIdentity.Impersonate();

		foreach (string source in Enum.GetNames(typeof(Events.EventSources)))
		{
			if (EventLog.SourceExists(source) == false)
				EventLog.CreateEventSource(source, logName);
		}

		//Undo impersonation
		oContext.Undo();

		return "Event source registration successful!";
	}
	else
	{
		return "Unable to process user credentials for event source registration.";
	}
}

~~Bonnie