That helped me with adding network service to my event log readers group but how do I get a computer account to be added to the local group? I tried %DomainName%\Taco but its not populating into the event logs readers group. Any ideas. Thanks for the first part guys!!
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/ <-- change the "local administrator" to "even log readers"