Granting Event Log Permissions in Low-Privilege Monitoring Scenarios

I was recently working on a low-privilege management pack configuration scenario, and needed to grant Event Log permissions to an account without privileges on the server...Since granting Event Log permissions in these scenarios necessitates the use of SDDL (Security Descriptor Definition Language), it's good to have some resources in your pocket to help accomplish this through group policy to expedite the process. Here are some good resources I've bookmarked. KB323076: How to set event log security locally or by using Group Policy in Windows Server 2003 http://support.microsoft.com/kb/323076 tales from the crypto blog SDDL - easier to read, except when it's not. http://msmvps.com/blogs/alunj/archive/2006/02/13/83472.aspx Working with Templates http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsh05.mspx?mfr=true