At my Decatur event yesterday afternoon, we had quite a bit of dialogue around the Optimizing Web Applications session I am presenting as part of the Oct-Dec MSDN Events. One question that I promised I would post to my blog (with an answer) was "Who is authorized to manage performance counters on a system and how is it set up?"
The Performance Counters Reference states very concisely "You must be a member of the Administrators group on the IIS server or a member of the Performance Logging group to retrieve valid data from the following counters. If you are not a member of one of these groups, or if the service you are monitoring is not running, the performance counters return a zero value." This very concisely addresses reading performance counters as an end-user, but I also wanted to address permission to create and manage performance counters in code.
It was then that I recalled the wonderful concept of code access security (CAS). I checked in the MSDN Library and confirmed that there is a PerformanceCounterPermission class. You can leverage the concept of CAS to set policies determining which applications and assemblies can have permission to work with performance counters. For a good article to learn about CAS, check out Understanding .NET Code Access Security