Posted 22 Feb 2006

Adding User Name to Events

How to add user names to the Event Viewer.



This article explains how to attach a user name to the events your program logs to the Event Viewer.


I needed to add user names to events that were being logged, and I could not find anything directly on target. Microsoft's website stated to simply add the SID to the ReportEvent function. It did not tell how to get the SID. After much more investigation, I found something written in another programming language that got the user SID, so I translated it into C and combined it with what I was doing.

Using the code

I wrote a standalone program first to test out what I wanted to do at work. I will provide all the relevant portions here so that you can simply paste into your project something that works.

    // Requires <windows.h> and <tchar.h>; link with Advapi32.lib.
    HANDLE hToken = NULL;
    HANDLE g_eventHandle = NULL;
    int rc;
    DWORD dwLength = 0;
    PTOKEN_USER pTokenUser = NULL;
    LPCTSTR params[1];

    // In order to use ReportEvent we must first register an event source.
    g_eventHandle = RegisterEventSource(NULL, _T("SID_TEST"));
    if (g_eventHandle == NULL)
        goto Cleanup;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
        goto Cleanup;

    // Get required buffer size and allocate the TOKEN_USER buffer.
    if (!GetTokenInformation(
        hToken,         // handle to the access token
        TokenUser,      // get information about the token's user
        (LPVOID) pTokenUser,   // pointer to TOKEN_USER buffer (NULL here)
        0,              // size of buffer
        &dwLength))     // receives required buffer size
    {
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
            goto Cleanup;

        pTokenUser = (PTOKEN_USER)HeapAlloc(GetProcessHeap(),
            HEAP_ZERO_MEMORY, dwLength);

        if (pTokenUser == NULL)
            goto Cleanup;
    }

    // Get the token user information from the access token.
    if (!GetTokenInformation(
        hToken,         // handle to the access token
        TokenUser,      // get information about the token's user
        (LPVOID) pTokenUser,   // pointer to TOKEN_USER buffer
        dwLength,       // size of buffer
        &dwLength))     // receives required buffer size
        goto Cleanup;

    // _T() keeps the string type in step with TCHAR in ANSI and Unicode builds.
    params[0] = _T("test string");

    // the actual call that places the event into the Event Viewer
    rc = ReportEvent(g_eventHandle, EVENTLOG_INFORMATION_TYPE, 0, 0,
        pTokenUser->User.Sid,// the sid goes here <-------
        1, 0, params, NULL);

Cleanup:
    // Free the buffer for the token.
    if (pTokenUser != NULL)
        HeapFree(GetProcessHeap(), 0, (LPVOID)pTokenUser);

    // Close the access token handle.
    if (hToken != NULL)
        CloseHandle(hToken);

    // I am finished with the event source.
    if (g_eventHandle != NULL)
        DeregisterEventSource(g_eventHandle);

Points of Interest

That's all there is to it. The GetTokenInformation function has to be called twice; if you have too much or too little allocated for your SID, the function will fail.
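The SID handed to ReportEvent is a small binary structure. This added example (not the author's code) decodes one into its `S-1-...` string form in portable C, with the bounds checks a log reader needs; on Windows, `ConvertSidToStringSid` does this job. The helper name `sid_to_string` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the well-known LocalSystem SID, S-1-5-18. */
static const uint8_t SAMPLE_SYSTEM_SID[] = {1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};

/* Hypothetical helper, not a Windows API. Binary SID layout: revision (1 byte),
 * sub-authority count (1 byte), identifier authority (6 bytes, big-endian),
 * then `count` sub-authorities (4 bytes each, little-endian).
 * Returns 0 on success, -1 if the SID is malformed or `out` is too small. */
int sid_to_string(const uint8_t *sid, size_t sid_len, char *out, size_t out_len)
{
    if (sid == NULL || out == NULL || sid_len < 8)
        return -1;
    uint8_t count = sid[1];
    /* Only revision 1 exists, and a SID holds at most 15 sub-authorities. */
    if (sid[0] != 1 || count > 15)
        return -1;
    /* Reject a count that claims more data than the buffer holds. */
    if (sid_len < 8 + 4 * (size_t)count)
        return -1;
    uint64_t authority = 0;
    for (int i = 0; i < 6; i++)
        authority = (authority << 8) | sid[2 + i];

    int n = snprintf(out, out_len, "S-1-%llu", (unsigned long long)authority);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
        n = snprintf(out + used, out_len - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= out_len - used)
            return -1;
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char text[192];
    if (sid_to_string(SAMPLE_SYSTEM_SID, sizeof SAMPLE_SYSTEM_SID, text, sizeof text) == 0)
        printf("%s\n", text);
    return 0;
}
```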

[Screenshot: the Event Viewer with our entry]




About the Author

Software Developer (Senior)
United States
I am a computer programmer in Florida.

Article Copyright 2006 by maththaios