I want to create a user account that is able to view the security log in Event Viewer, but not as an administrator, just as a power user. I had been getting this error when I click the security log:
Unable to complete the operation on "Security". A required privilege is not held by the client.
The method I tried after some Googling:
Add both user account and computer account in:
Computer Configuration/Windows Settings/Local Policies/User Rights:
Manage auditing and security log
Best Answer
It looks like you should be able to edit the event log security settings with a little registry or group policy magic and SDDL. It's a bit hard to summarize, but Microsoft has a KB article that tells you what to do.
The most direct way is directly in the registry, in which case you need to edit the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\CustomSD and specify the SDDL that does what you want.
Searching around is probably the best way to learn SDDL. I have found this article to be useful.
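The registry edit described in the answer, sketched as an added example that is not part of the original answer or of the KB article: it reads the existing CustomSD value, appends one allow ACE that grants only the event log read right (0x1) to a single account, and writes the result back only when -Apply is given. The account name CONTOSO\logreader and the -Account and -Apply parameters are assumptions made for illustration.

```powershell
# Added example: grant one account read-only access to the Security log via CustomSD.
# 'CONTOSO\logreader' is a hypothetical account name; replace it with your own.
param(
    [string]$Account = 'CONTOSO\logreader',
    [switch]$Apply   # without -Apply the script only prints the proposed SDDL
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security'
$READ = 0x1   # event log access rights: 0x1 read, 0x2 write, 0x4 clear

# Stop rather than create a descriptor from scratch if the value is absent.
$current = (Get-ItemProperty -Path $key -Name CustomSD -ErrorAction SilentlyContinue).CustomSD
if (-not $current) { throw "No CustomSD value under $key; nothing to edit." }

# Resolve the account to a SID; SDDL ACEs reference SIDs, not names.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier])

# Parse the SDDL instead of concatenating strings, so the ACE lands in the
# DACL even when the descriptor also carries an S: (SACL) section.
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $current
if (-not $sd.DiscretionaryAcl) { throw "CustomSD has no DACL; review it by hand." }

$existing = $sd.DiscretionaryAcl | Where-Object {
    $_ -is [System.Security.AccessControl.CommonAce] -and
    $_.AceQualifier -eq 'AccessAllowed' -and
    $_.SecurityIdentifier -eq $sid -and
    ($_.AccessMask -band $READ)
}
if ($existing) { Write-Output "$Account already has read access."; return }

# Allow ACE appended after the existing entries, so explicit deny ACEs
# already in the DACL keep their precedence.
$ace = New-Object System.Security.AccessControl.CommonAce(
    [System.Security.AccessControl.AceFlags]::None,
    [System.Security.AccessControl.AceQualifier]::AccessAllowed,
    $READ, $sid, $false, $null)
$sd.DiscretionaryAcl.InsertAce($sd.DiscretionaryAcl.Count, $ace)
$new = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)

Write-Output "Current : $current"   # keep this line as the rollback value
Write-Output "Proposed: $new"
if ($Apply) {
    Set-ItemProperty -Path $key -Name CustomSD -Value $new
    Write-Output "CustomSD updated."
}
```

Run it from an elevated prompt. Granting only 0x1 keeps the account from writing to or clearing the log, which the "Manage auditing and security log" user right would otherwise allow.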