Title: Resolving "NT SERVICE\Eventlog" Access Issues When Registering Event Manifest and Resource DLL
When attempting to register an event manifest and its associated resource DLL using the command wevtutil im "%manifestpath%" /rf:"%resourcepath%" /mf:"%resourcepath%", you may encounter the following warning:
**** Warning: Publisher EventsProvider resources are not accessible. "NT SERVICE/Eventlog" did not have access to the resource file. ****
This warning appears when the "NT SERVICE\Eventlog" service account does not have sufficient permissions to access the manifest and resource DLL files. To resolve it, grant the necessary permissions on both files to the "NT SERVICE\Eventlog" service account.
Follow these steps to provide the required access:
Open File Explorer and navigate to the directory where your manifest and resource DLL files are located.
Right-click on the manifest file, select "Properties," and go to the "Security" tab.
Click on the "Edit" button to modify the permissions.
In the "Permissions" window, click on the "Add" button to add a new user or group.
In the "Select Users, Computers, Service Accounts, or Groups" dialog, click on the "Locations" button and select your computer name from the list.
In the "Enter the object names to select" field, type "NT SERVICE\Eventlog" and click on the "Check Names" button to validate the service account name.
Click "OK" to add the "NT SERVICE\Eventlog" service account to the list of users and groups.
With the "NT SERVICE\Eventlog" service account selected, grant the necessary permissions by checking the appropriate boxes in the "Permissions" list (e.g., "Read & execute," "Read," "Write").
Click "Apply" and then "OK" to save the changes.
Repeat the same process for the resource DLL file, granting the same permissions to the "NT SERVICE\Eventlog" service account.
After applying these changes, the "NT SERVICE\Eventlog" service account will have the necessary permissions to access the manifest and resource DLL files. You should no longer encounter the warning message when registering the event manifest using the wevtutil command.
Once the registration is successful, you can verify the changes in the Event Viewer. The newly registered event provider and its associated events should be visible in the Event Viewer, indicating that the registration process completed without any issues.
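The same procedure can be scripted from an elevated PowerShell prompt. The script below is an added example, not part of the original article: the parameter names are hypothetical, the publisher name EventsProvider is taken from the warning text above, and it assumes Read & execute alone is enough for the service to load the files, so it does not grant Write.

```powershell
#Requires -RunAsAdministrator
# Added example: grant the Event Log service read access, register, then verify.
param(
    [Parameter(Mandatory)] [string] $ManifestPath,   # hypothetical parameter name
    [Parameter(Mandatory)] [string] $ResourcePath,   # hypothetical parameter name
    [string] $Publisher = 'EventsProvider'           # name shown in the warning text
)
$account = 'NT SERVICE\EventLog'

function Test-EventLogRead([string] $Path) {
    # True when an explicit or inherited Allow ACE for the service account
    # includes Read & execute. Access granted through a group (for example
    # Users) is not counted, so this check is deliberately conservative.
    $rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $aces = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $rx) -eq $rx
    }
    return [bool]$aces
}

foreach ($file in $ManifestPath, $ResourcePath) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        throw "File not found: $file"
    }
    if (-not (Test-EventLogRead $file)) {
        # Assumption: RX is sufficient; Write is left out on purpose.
        icacls $file /grant "${account}:(RX)" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed for $file" }
    }
    if (-not (Test-EventLogRead $file)) {
        throw "$account still has no Read & execute ACE on $file"
    }
}

# Register the manifest, then confirm the publisher is known to the system.
wevtutil im $ManifestPath "/rf:$ResourcePath" "/mf:$ResourcePath"
if ($LASTEXITCODE -ne 0) { throw "wevtutil im failed with exit code $LASTEXITCODE" }
wevtutil gp $Publisher
```

If the files live in a directory that ordinary users can write to, move them to a protected location before registering, since the Event Log service will load the resource DLL from that path.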
By granting the appropriate permissions to the "NT SERVICE\Eventlog" service account, you ensure that the Windows Event Log service can properly access and load the manifest and resource DLL files, allowing for the successful registration and usage of your custom event provider.