The environment: Server: Windows Server 2012 R2 with Remote PowerShell enabled. Workstation: Windows 8.1
So I've created a PowerShell Module called MyModule.psm1 with the following function:
Function CreateEvent() {
Write-EventLog –LogName ToolLog –Source “Schedule” –EntryType Information –EventID 13 –Message “There were users written to the database.”
}
I created a PSSessionConfigurationFile and then registered it with a configuration name of EventLogging, so that I can remote powershell via the following:
$Creds = Get-Credential
$SessionOpts = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$Session = New-PSSession -ComputerName Server.Domain.Com -ConfigurationName EventLogging -Credential $Creds -UseSSL -SessionOption $SessionOpts
Import-PSSession $Session
Now, when I enter a Local Administrators credentials into the Get-Credential, I can run the function CreateEvent and everything works just fine. However, if I enter a Standard Local Users credentials, I get an error of: The registry key for the log "ToolLog" for source "Schedule" could not be opened.
I replaced the Write-EventLog in the Function with:
$EventLog = new-object System.Diagnostics.EventLog("ToolLog");
$EventLog.MachineName = ".";
$EventLog.Source = "Schedule";
$EventLog.WriteEntry("There were users written to the database.", "Information", 15);
And I receive an error of: Exception calling "WriteEntry" with "3" argument(s): "Cannot open log for source 'Schedule'. You may not have write access."
If I log on to the server locally and Import the Module and try to run the function I get the same exact errors. I also cannot run the cmdlet of Write-EventLog by itself.
From all of the information I found on the internet, I've give my local non-admin user write permissions to the event log. Both through RegEdit and through NTFS on the actual Event Log file.
Any ideas?
Thanks, Brian
