If your application needs to use application specific event sources, you
should create them at installation time when administrator privileges are
available. A good approach is to use a .NET installer class, which can be
instantiated by the Windows Installer (if you are using .msi deployment) or
by the InstallUtil.exe system utility.

If you are unable to create event sources at installation time, and you are
in deployment, the administrator should manually create new event source
entry beneath the following registry key:


You should not grant write permission to the ASP.NET process account (or
any impersonated account if your application uses impersonation) on the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ registry
key. If you allow write access to this key and the account is compromised,
the attacker can modify any log-related setting, including access control
to the log, for any log on the system.

As you can see, creating event source at HKLM will certainly requires
administrative privilege.