4

I want to create a user account that is able to view the security log in Event Viewer, but not as an administrator, just as a power user. I had been getting this error when I click the security log:

Unable to complete the operation on "Security". A required privilege is not held by the client.

The method I tried after some Googling:

  • Add both user account and computer account in:

    Computer Configuration/Windows Settings/Local Policies/User Rights: Manage auditing and security log

bentek

2 Answers

4

It looks like you should be able to edit the event log security settings with a little registry or group policy magic and SDDL. It's a bit hard to summarize, but Microsoft has a KB article that tells you what to do.

The most direct way is directly in the registry, in which case you need to edit the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\CustomSD and specify the SDDL that does what you want.

Searching around is probably the best way to learn SDDL. I have found this article to be useful.

dsolimano
0

The above is helpful (very - I was looking for the SID/abbreviation for EVERYONE - which now I know = WD).

OP: The best way to do it is to create a new local group and get the SID for that group, then give the SID read access in the above registry:

(A;;0x1;;;[SID-HERE])

To test that this will work, try giving everyone READ access first:

(A;;0x1;;;WD)

Then change the WD to the SID of the user/group you create.
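
One way to script the approach from the answers above, as an added example that is not code from either poster: it creates a local group, then appends a read-only allow ACE for that group's SID to the existing CustomSD value instead of overwriting the descriptor. The group name SecurityLogReaders is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example. 'SecurityLogReaders' is an assumed group name, not from the posts above.
$GroupName = 'SecurityLogReaders'
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security'
$ValueName = 'CustomSD'
$ReadMask  = 0x1   # the 0x1 (read) right used in the ACEs above

# Create the local group if needed; its SID goes into the new ACE.
$group = Get-LocalGroup -Name $GroupName -ErrorAction SilentlyContinue
if (-not $group) {
    $group = New-LocalGroup -Name $GroupName -Description 'Read-only access to the Security event log'
}

# CustomSD holds the whole security descriptor, so the new ACE must be added to
# what is already there. Refuse to build a descriptor from nothing.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ([string]::IsNullOrWhiteSpace($current)) {
    throw "No $ValueName value under $KeyPath; nothing to extend."
}

# Parsing also validates the existing SDDL before anything is written.
$sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($current)
if ($null -eq $sd.DiscretionaryAcl) {
    throw "Existing $ValueName has no DACL (D:) section."
}

# Skip the write if the group already has an allow ACE that includes read.
$existing = $sd.DiscretionaryAcl | Where-Object {
    $_.AceType -eq 'AccessAllowed' -and
    $_.SecurityIdentifier -eq $group.SID -and
    ($_.AccessMask -band $ReadMask)
}
if ($existing) {
    Write-Output "Group $GroupName ($($group.SID)) already has read access."
    return
}

# Append the equivalent of (A;;0x1;;;<group SID>) after the existing ACEs.
$ace = [System.Security.AccessControl.CommonAce]::new('None', 'AccessAllowed', $ReadMask, $group.SID, $false, $null)
$sd.DiscretionaryAcl.InsertAce($sd.DiscretionaryAcl.Count, $ace)
$new = $sd.GetSddlForm('All')

Write-Output "Previous $ValueName (keep for rollback): $current"
Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $new
Write-Output "New ${ValueName}: $new"
```

Accounts that should read the log are then added to the group with Add-LocalGroupMember, which keeps the grant scoped to group membership and leaves the descriptor untouched afterwards.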