(at least a value 1 in PrivilegeDepthMask column in RolePrivileges Table)
You can find on the security setting page>roles>Business Management Tab.
from the Data, we can see the SDDL configuration of event log. Example from my machine:
To construct an SDDL string, note that there are three distinct rights that pertain to event logs: Read, Write, and Clear. These rights correspond to the following bits in the access rights field of the ACE string:
2 = Write
4 = Clear
(0x3 means read&write, depend on what you want, such as 0x7) Reference the value above. Just copy another set and paste behind, eg.:I bold with blue color..
The word I highlight with red color above "IU" is refer to Interactively logged-on user;now, you may ask how I know which SID string I need to put if I want to allow NETWORK SERVICE user to have write access to event log.
I listed down some of the most common use of SID string and its value, detail please refer to the link i posted above.
(AU)AuthenticatedUser; (NU)Network logon user; (NS)Network service account; (SU)Service logon user
When hit this kind of error, first must find out which account do not have the access rights to event log and then grant the correct rights solved the problem.
Hope this post can help you!
we need to do is change/add a DWORD registry key
named [DisableParameterFilter] under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM], set the value to 1.
Run iisreset, now you can append your custom parameters like normal ASP.NET web form.
Reference from ascentium CRM blog