Required when we need to allow users who are non-administrators to access
1. backup c:\windows\inf\sceregvl.inf
2. edit c:\windows\inf\sceregvl.inf and add following to allow security for eventlogs
to be customized via the Local group policy mgmt console (gpedit.msc)
MACHINE\System\CurrentControlSet\Services\EventLog\Application\CustomSD,1,%AppLogSD%,2
MACHINE\System\CurrentControlSet\Services\EventLog\System\CustomSD,1,%SysLogSD%,2
MACHINE\System\CurrentControlSet\Services\EventLog\Security\CustomSD,1,%SecLogSD%,2
3. re-register scecli.dll
c:\windows\inf> regsvr32 scecli.dll
4. start gpedit.msc, notice that those entries for customising security are added.
5. Follow the SDDL syntax to allow modify the security for each eventlog item to
allow the specified users/groups access.