What is the most efficient way to allow a specific user access to event logs?
I have come across a method to enforce permissions using local security policy and group policy, but it seems overly complex.
Is there a facility that makes granting a user access to the event logs easier?
Note that I do not have the User in any local security groups (such as Users, Power Users, or Administrators). It is a service user who is, you guessed it, my monitoring agent (NSClient++).
For future reference: Here you will find helpful SDDL definitions.
Best Answer
Using group policies would be the correct method of granting this right.