Cannot disable read access the Windows 7 security log

By default, without any action, users cannot read the security protocol. Only admins allowed in there, so no need for action since you'll not be able to limit admins in any way.

McKnife,
Somehow the default was lost and cannot set it not allow limited rights users to view it.

You can make the security changes you need with group policy (which might be how they were changed in the first place), but it may take a few modifications to some system files for the settings you need to be visible. The file you'll want to modify is SCEREGVL.INF, which is what defines the settings available in the Security Options section of a GPO. https://support.microsoft.com/en-us/kb/323076 describes how to add the options necessary to modify the Event Log security in group policy. If you only want to handle this on a single computer, you can just make the registry modifications at the top of the article. Otherwise, follow the instructions for Group Policy.

That article is written for Windows 2003, but the file exists in later versions of windows server and does the same thing. The only difference is that later versions have more security on that file, which requires you to take ownership, grant permissions, modify it, then restore the permissions to normal. https://support.microsoft.com/en-us/kb/947721 has instructions for accomplishing this.

First, one will have to look at the group "event log readers" look at its members. By default, it's empty.

Some of the PC’s are not in a domain, and the local gpo does not show those settings.