how to add network service to local event log readers group via GPO

I need to add Network Service account to the local event log readers group of a server via Domain GPO.  Windows 2008 R2 servers.
gmckfnAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy DownsOWNERCommented:
try this.

> Group = BUILTIN\Event Log Readers
> Members = NT Authority\NETWORK SERVICE
 
Either use MemberOf instead of Members (which would require a
"intermediate" group and will not work for the network service, because
Network service is a local account and can only be member of local
groups, and you cannot nest local groups), or switch from RG to GPP LUG
(Group Policy Preferences "Local Users and Groups").
 

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jian An LimSolutions ArchitectCommented:
i will use group policy preference to add them into Event log readers


http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/  <-- change the "local administrator" to "even log readers"
gmckfnAuthor Commented:
That helped me with adding network service to my event log readers group but how do I get a computer account to be added to the local group?   I tried %DomainName%\Taco but its not populating into the event logs readers group.  Any ideas.  Thanks for the first part guys!!
Jian An LimSolutions ArchitectCommented:
computer account need to have $ at the back of the machinename

so %domainname%\machinename$.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.