Write into Application Windows log remotely by PowerShell.

Vasiliy P 10 Reputation points
2023-06-21T12:42:34.3+00:00

I have a Workstation (Windows 10 in the domain) and two Servers, 2016 and 2019 (both in the workgroup).

From the Workstation, I can successfully write into the Server2016 using the next two commands:

  1. New-EventLog -LogName "application" -Source "MySource" -computername "Server2016"
  2. Write-EventLog -LogName "application" -EventId 12 -Message "Mon Message" -Source "MySource" -EntryType Warning -computername "Server2016"

But when I do the same for the Server2019, I get an error on command 2. Command 1 is OK; a new source is created successfully, no issues.

Error:

Write-EventLog : The registry key for the log "application" for source "MySource" could not be opened.
At C:\Users\Admin.Workstation\Documents\Untitled1.ps1:5 char:1
+ Write-EventLog -LogName "application" -EventId 12 -Message "Mon Messa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Write-EventLog], Exception
    + FullyQualifiedErrorId : AccessDenied,Microsoft.PowerShell.Commands.WriteEventLogCommand

On the Workstation I use a local Admin account; the same account name is created on both servers, 2016 and 2019, with the same password.

Also, I tried to modify the SDDL permissions, the Regedit parameter CustomSD on the Server2019 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application).

But it doesn't matter what I write there; it never works remotely. But if I remove everything and keep only this part, "O:BAG:SYD:", it is not possible to write even locally, with the same error message, which means it should work, but it doesn't work remotely.

This is the current string: "O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x3;;;S-1-5-32-545)", but I tried different variants.

Please let me know if anybody has any suggestions. Thank you.

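Added example, not part of the original post: a PowerShell function that decodes a CustomSD string like the one quoted in the question into per-principal read, write and clear rights, so the ACLs of the two servers can be compared side by side. The function name `Get-EventLogAclEntry` is hypothetical; the access bits 0x1, 0x2 and 0x4 are the documented event log read, write and clear rights.

```powershell
# Added example (not from the original post): decode an event log CustomSD
# value into one row per ACE.
# Event log access bits: 0x1 = read, 0x2 = write, 0x4 = clear.

# The string quoted in the question. To read the live value on a server instead:
#   (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application').CustomSD
$sddl = 'O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x3;;;S-1-5-32-545)'

function Get-EventLogAclEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Sddl)

    # Parse the SDDL text into a security descriptor object.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Resolve the SID to an account name where possible; fall back to the raw SID.
        try {
            $name = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $ace.SecurityIdentifier.Value
        }

        [pscustomobject]@{
            Principal = $name
            Sid       = $ace.SecurityIdentifier.Value
            AceType   = $ace.AceType
            Mask      = '0x{0:x}' -f $ace.AccessMask
            Read      = [bool]($ace.AccessMask -band 0x1)
            Write     = [bool]($ace.AccessMask -band 0x2)
            Clear     = [bool]($ace.AccessMask -band 0x4)
        }
    }
}

Get-EventLogAclEntry -Sddl $sddl | Format-Table -AutoSize
```

Running it against the CustomSD value read from each server shows whether the two ACLs grant write (0x2) to the same principals.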

1 answer

  1. Limitless Technology 44,751 Reputation points
    2023-06-22T12:59:39.2533333+00:00

    Hello there,

    To write into the Application Windows log remotely using PowerShell, you can utilize the Write-EventLog cmdlet along with the -ComputerName parameter. Here's an example of how to do it:

    $computerName = "RemoteComputerName"
    $source = "PowerShellScript"
    $eventID = 1001
    $entryType = "Information"
    $message = "This is a test event log message."
    Write-EventLog -LogName Application -Source $source -EventID $eventID -EntryType $entryType -Message $message -ComputerName $computerName

    Make sure to replace the placeholders with the appropriate values:

    $computerName: Specify the name or IP address of the remote computer where you want to write to the Application log.

    $source: Provide the source name for the event log entry. This can be a custom name to identify the source of the log entry.

    $eventID: Assign a unique event ID to the log entry.

    $entryType: Specify the type of the log entry. It can be "Error," "Warning," "Information," or "SuccessAudit."

    $message: Add the desired message for the log entry.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--

