Comments

• bruce January 23, 2004 10:04 AM

  This is, hands down, the most useful article I've read this week. Thank you for filling in the blanks. :)

• bruce February 11, 2004 2:11 PM

  Thanks this got rid of the log entries!

• bruce March 3, 2004 4:15 AM

  Thanks for the useful info.
  I'm still confused, though, how to actually change the key.
  
  How do you mean by setting the ACL for the registry key to ASPNET? I have no such key.
  
  Thanks
  Christian

• bruce March 18, 2004 11:07 PM

  ditto!

• bruce March 29, 2004 2:24 PM

  Use regedt32 to set registry acl permissions, or if you use windows installer, you could do it there.

• bruce April 19, 2004 1:10 PM

  We are also running into this problem on both servers where we have ASP.NET installed. We aren't running any scripts to our knowledge that are actively trying to update the performance counter, so where is this coming from? Is it a bug with ASP.NET?
  
  We tried this registry setting trick but there is NO ENTRY for Access Control List. Do you have to ADD the entry? Any other ideas?

• bruce April 20, 2004 1:00 AM

  It's not that there is an entry for Access Control List. What needs to happen is that the permissions on the Perf registry key needs to be set. The easiest way to to this is with the regedt32.exe command. Execute regedt32 through Start|Run and navigate to the registry key. Then select the Edit|Permissions menu item. In the dialog that comes up, assign Full Control to the ASPNET user. If you don't see ASPNET in the list at the top of the dialog, use the Add button to add it. Then allow Full Control access and click OK.
  
  Hope this helps.
  

• bruce May 13, 2004 11:20 PM

  System.ComponentModel.Win32Exception: Access is denied
  
  Problem Remains

• bruce July 4, 2004 12:02 AM

  Holy smoke! This really works. I've been looking for info on how to fix this! Thanks!

• bruce July 5, 2004 7:47 AM

  Couldn't find that key in my registry anyway
  . I have Win 2003 server .
  Any ideas ?

• bruce July 14, 2004 12:13 AM

  I am getting the following error even after assign Full Control to the ASPNET user..
  
  "The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. "

• bruce July 15, 2004 3:10 PM

  Thank you Bruce, I've been trying to solve this problem the whole day, thanks

• bruce July 29, 2004 8:13 AM

  I found this incredably useful. However I noticed there is a slightly easier way to give a user pemission to use perf counts. Add your user to the local group "Performance Log Users", I found this easier than altering registery acls.
  
  Thanks again - wouldn't have figured this one out with this artical.

• bruce July 29, 2004 9:49 AM

  Robert is correct about the Performance Log Users group allowing access to the perf counts. However, this group wasn't added until Win 2003 Server, so it might not be applicable to everyone. Also, according to the description, members of this group can "manage performance counters, logs and alerts on the server locally and from remote clients". I haven't investigated what 'manage' means from a functional perspective. There is the possibility that it opens more access then setting the ACL on the registry key. Hopefully I can provide more information after a bit of investigation.

• bruce August 17, 2004 11:39 AM

  Thanks Bruce. The only variance I noted (for W2K Pro) is that after selecting the key in Regedt32, the menu selection is Security>Permissions instead of Edit>Permissions. Works like a charm!

• bruce September 16, 2004 1:25 PM

  Is a boot of the machine necessary after setting these permissions ?

• bruce September 16, 2004 5:52 PM

  We tried granting permissions to the ASP.NET account (full control) to Perflib and now we're getting this message ...
  
  The Collect Procedure for the "Spooler" service in DLL "C:\WINNT\system32\winspool.drv" generated an exception or returned an invalid status. Performance data returned by counter DLL will be not be returned in Perf Data Block. Exception or status code returned is data DWORD 0.
  
  ...

• bruce September 16, 2004 11:51 PM

  I've never had to reboot to get the permissions to be picked up. The application that is making the request had to be restarted, however.
  
  Also, with respect to the Collect Procedure error, check out the following KB article: http://support.microsoft.com/?kbid=839397
  
  It appears to cover the problem that you're getting. If that doesn't work, feel free to post additional comments or email me.

• bruce December 16, 2004 7:31 AM

  Now thats what I call real useable technical advice. Thank you.

• bruce December 24, 2004 6:03 PM

  Works perfect under w2k. writing this comment took me longer than to actually cure the problem!

• bruce January 12, 2005 9:18 AM

  Any solution for the following error:
  
  Security Exception
  Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
  
  Exception Details: System.Security.SecurityException: Requested registry access is not allowed.
  
  

• bruce February 14, 2005 7:50 PM

  I still have problems creating performance counters (and group) on the fly from my ASP.NET application.
  
  On my local Windows XP the above trick worked as a charm, but on my (production) Windows 2003 web edition servers, it has no influence, and I get a permission exception, when trying to add the counters.
  
  Any ideas, guys ?

• bruce May 11, 2005 5:25 PM

  
  
  For 2003 I did the following changes:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 - Added permissions for Network Service
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services - Added permissions for Network Service
  C:\WINNT\system32\perf*009.dat - Added full permissions for Network Service on all matching files
  
  After that it worked like a charm.

• bruce May 24, 2005 5:57 PM

  Does anyone have a code sample that does this? Preferrably .NET, Visual Basic, but any code sample will do. Thanks!

• bruce May 27, 2005 2:28 PM

  This is great. Solved a problem we've been having for a few weeks.

• bruce June 8, 2005 3:23 AM

  John, your suggestions for W2003 works great. However, are ther any security implications as a result of changing these ACLs that you are aware of? Thanks a lot all the same.

• bruce June 10, 2005 9:32 AM

  If you go back to the top of the original post, you'll find a couple of links to MSDN articles that include some sample code.

• bruce June 14, 2005 9:52 PM

  I'm looking for code samples that adds permission for the ASPNET user has Full Control to the existing registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib.
  
  Code for creating registry keys is no problem, it's modifying the permissions on an existing registry key that I cannot find samples for. I should have been more specific in my original post. Thanks!

• bruce June 16, 2005 10:22 AM

  The reason you're having trouble finding .NET samples is because you can't do what you want using pure managed code. At least, not until .NET 2.0, when managing the registry ACLs is exposed through the System.Security namespace.
  
  In the meantime, check out http://www.codeproject.com/dotnet/SecureRegistryKey.asp for an example of how to do what you're looking for using today's technology.

• bruce January 3, 2006 4:20 PM

  Thanks for the info ...helped me fix my issues

• bruce February 15, 2006 4:49 AM

  Thanks, I will certainly try this together with Vuokko

• bruce March 6, 2006 1:57 PM

  Thanks a tonne mate, this post just saved me a headache in the making :-)

• bruce March 16, 2006 7:43 AM

  I've given Full Control access to aspnet user in registry.But still i'm getting the same error..is there any other solution???Plz help me out

• bruce September 14, 2006 12:56 PM

  Not sure If my problem related to described here. But may be someone can help me.
  User from remote desktop launches an application with NON-Admin rights, and getting error below. Admin has no problem. Any Ideas?!
  I found some info that I need to add user into Performance Counter Users Group. How? Thanks in advance
  -------------------------------------------See the end of this message for details on invoking
  just-in-time (JIT) debugging instead of this dialog box.
  
  ************** Exception Text **************
  System.InvalidOperationException: Couldn't get process information from remote machine. --->
  System.ComponentModel.Win32Exception: Access is denied
  at System.Diagnostics.PerformanceMonitor.GetData(String item)
  at System.Diagnostics.PerformanceCounterLib.GetPerformanceData(String item)
  at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
  at System.Diagnostics.PerformanceCounterLib.GetPerformanceData(String[] categories, Int32[] categoryIndexes)
  at System.Diagnostics.NtProcessManager.GetProcessInfos(PerformanceCounterLib library)
  --- End of inner exception stack trace ---
  at System.Diagnostics.NtProcessManager.GetProcessInfos(PerformanceCounterLib library)
  at System.Diagnostics.NtProcessManager.GetProcessInfos(String machineName, Boolean isRemoteMachine)
  at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)
  at System.Diagnostics.Process.GetProcessesByName(String processName, String machineName)
  at System.Diagnostics.Process.GetProcessesByName(String processName)
  at PMT.frmMain.CheckForPrevInstance()
  at PMT.frmMain.frmMain_Load(Object sender, EventArgs e)
  at System.Windows.Forms.Form.OnLoad(EventArgs e)
  at System.Windows.Forms.Form.OnCreateControl()
  at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
  at System.Windows.Forms.Control.CreateControl()
  at System.Windows.Forms.Control.WmShowWindow(Message& m)
  at System.Windows.Forms.Control.WndProc(Message& m)
  at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
  at System.Windows.Forms.ContainerControl.WndProc(Message& m)
  at System.Windows.Forms.Form.WmShowWindow(Message& m)
  at System.Windows.Forms.Form.WndProc(Message& m)
  at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
  at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
  at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam,
  IntPtr lparam)
  
  
  
  ************** Loaded Assemblies **************
  mscorlib
  Assembly Version: 1.0.5000.0
  Win32 Version: 1.1.4322.2300
  CodeBase: file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
  ----------------------------------------
  PMT
  Assembly Version: 1.0.2361.19470
  Win32 Version: 1.0.2361.19470
  CodeBase: file:///E:/Program%20Files/Eriksen%20Translations/PMT/PMT.exe
  ----------------------------------------
  System.Windows.Forms
  Assembly Version: 1.0.5000.0
  Win32 Version: 1.1.4322.2300
  CodeBase: file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
  ----------------------------------------
  System
  Assembly Version: 1.0.5000.0
  Win32 Version: 1.1.4322.2300
  CodeBase: file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
  ----------------------------------------
  System.Drawing
  Assembly Version: 1.0.5000.0
  Win32 Version: 1.1.4322.2300
  CodeBase: file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
  ----------------------------------------
  System.Data
  Assembly Version: 1.0.5000.0
  Win32 Version: 1.1.4322.2300
  CodeBase: file:///c:/windows/assembly/gac/system.data/1.0.5000.0__b77a5c561934e089/system.data.dll
  ----------------------------------------
  System.Xml
  Assembly Version: 1.0.5000.0
  Win32 Version: 1.1.4322.2300
  CodeBase: file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
  ----------------------------------------
  Microsoft.VisualBasic
  Assembly Version: 7.0.5000.0
  Win32 Version: 7.10.6310.4
  CodeBase: file:///c:/windows/assembly/gac/microsoft.visualbasic/7.0.5000.0__b03f5f7f11d50a3a/microsoft.visualbasic.dll
  ----------------------------------------
  
  ************** JIT Debugging **************
  To enable just in time (JIT) debugging, the config file for this
  application or machine (machine.config) must have the
  jitDebugging value set in the system.windows.forms section.
  The application must also be compiled with debugging
  enabled.
  
  For example:
  
  <configuration>
  <system.windows.forms jitDebugging="true" />
  </configuration>
  
  When JIT debugging is enabled, any unhandled exception
  will be sent to the JIT debugger registered on the machine
  rather than being handled by this dialog.
  
  ------------------------------------

• bruce October 2, 2006 3:51 AM

  John Offenhartz mentions somewhere above that permissions should be modified for HKLM\System\ControlSet001\Services. This should be correct, since when creating a performance counter category a new registry key is created there.
  After setting that permissions also I get a Win32Exception with 'Unknown error (0xc0000022)' as description. And then the problem is access to the C:\WINNT\system32\perf*009.dat files as John also mentions. After setting permissions to that files the problem is solved!
  No the problem is that these are two many settings you have to handle in order for performance counters to work! Especially that file permissions, which are not that easy to set with an automated procedure.

• bruce October 2, 2006 3:57 AM

  But then again, permissions to Services and files are only required to create the category! Once you have created it, permissions under perflib are enough.

• bruce October 9, 2006 11:27 AM

  Hi !!!!. Any answer for jelena´s issue ?

• bruce October 27, 2006 11:43 PM

  i'm getting the same error as jelena when user from remote desktop launches an application with NON-Admin rights. Any Ideas?!
  

• Things To Remember ... March 7, 2007 8:49 AM

  Recently had some issues setting up some custom perf counters to install and run from an ASP.Net page

Leave a Comment