I’ve been trying to get into the ‘C:\Windows\System32\winevt\Logs’ folder programmatically using C# so I can copy the event log files to a backup directory and then clear the event logs as a part of a daily backup apparatus, but I don’t seem to be able to get access to this directory.
I’ve tried changing the application manifest to run under administrator ( ) which gives me the UAC prompt when I execute the program, and I’ve even gone as far as to spawn a shell under the NT AUTHORITY\SYSTEM identity to execute the code, but it still says it’s an invalid path, even though I can manually go into the directory under both the administrative shell and the SYSTEM shell.
I’ve isolated it to just not being able to go into the winevt dir.
I use this code to see if I can access the directory.
Environment.CurrentDirectory = System.Environment.SystemDirectory + @"\winevt\";
only to receive
System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Windows\system32\winevt\'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.SetCurrentDirectory(String path)
at System.Environment.set_CurrentDirectory(String value)
at dev_EventLog.Program.Main(String[] args) in D:\SourceCodes\dev_EventLog\dev_EventLog\Program.cs:line 30
I’ve tried many different ways to specify the directory but it’s all the same, and I’ve also tried different subfolders of System32, and of the 10 or so I tried, winevt is the only one to act like this.
This has been driving me nuts. Anyone know why this isn’t working under C#, or am I forced to use VBScript to do this, since the following VBScript code works to copy the event log file?
' Copy the Application log file using the Scripting.FileSystemObject COM object
Dim filesys
Set filesys = CreateObject("Scripting.FileSystemObject")
filesys.CopyFile "C:\Windows\System32\winevt\Logs\Application.evtx", "C:\rusl\Application.evtx"
Is your application running as a 32-bit application on a 64-bit version of Windows? If so, any access to %windir%\System32 is redirected to %windir%\SysWOW64 (where there is no winevt directory). If you use %windir%\Sysnative\winevt you should be able to access it.
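As an added example (not code from either poster), the following C# resolves the real winevt\Logs path by checking process and OS bitness rather than trusting Environment.SystemDirectory, and then copies the .evtx files to a backup directory. It assumes .NET 4.0 or later and an elevated process; the backup path C:\rusl is taken from the question and is a placeholder.

```csharp
using System;
using System.IO;

static class EventLogPaths
{
    // Returns the path of the native winevt\Logs directory, working around
    // WOW64 file system redirection for a 32-bit process on 64-bit Windows.
    public static string GetWinevtLogsDirectory()
    {
        string windir = Environment.GetEnvironmentVariable("windir")
                        ?? Environment.GetFolderPath(Environment.SpecialFolder.Windows);

        // Environment.SystemDirectory still reports "...\System32" inside a WOW64
        // process even though the access is redirected, so test the bitness instead.
        bool redirected = Environment.Is64BitOperatingSystem && !Environment.Is64BitProcess;

        // "Sysnative" is a virtual alias that only exists for WOW64 processes; it
        // reaches the real 64-bit System32 regardless of redirection.
        string system32 = redirected
            ? Path.Combine(windir, "Sysnative")
            : Environment.SystemDirectory;

        return Path.Combine(system32, "winevt", "Logs");
    }

    // Copies every .evtx file to backupDir (assumed path) and returns the number
    // of files copied. Fails fast with the resolved path if the directory is missing.
    public static int BackupEventLogs(string backupDir)
    {
        string logs = GetWinevtLogsDirectory();
        if (!Directory.Exists(logs))
            throw new DirectoryNotFoundException("winevt\\Logs not found at " + logs);

        Directory.CreateDirectory(backupDir);
        int copied = 0;
        foreach (string file in Directory.EnumerateFiles(logs, "*.evtx"))
        {
            File.Copy(file, Path.Combine(backupDir, Path.GetFileName(file)), overwrite: true);
            copied++;
        }
        return copied;
    }

    static void Main()
    {
        int n = BackupEventLogs(@"C:\rusl");
        Console.WriteLine(n + " log files copied from " + GetWinevtLogsDirectory());
    }
}
```

Building the process as 64-bit (or AnyCPU without "Prefer 32-bit") removes the redirection entirely, in which case Environment.SystemDirectory is correct as-is.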