In 2008, this is a doddle. Add the user to the built in Event Viewers group!
In 2003 however, there’s a bit more to it. You’ll need to amend the registry. The security of each log is configured locally through the values in the following registry key:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesEventlog
The Application log Security Descriptor is configured through the following registry value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesEventlogApplicationCustomSD
Replace “Application” in the above path with “System” for the system log,“Security” for the security log etc.
The CustomSD value is in SDDL format, as shown below:
O:BAG:SYD:(D;; 0xf0007;;;AN)(D;; 0xf0007;;;BG)(A;; 0xf0007;;;SY)(A;; 0×5;;;BA)(A;; 0×7;;;SO)(A;; 0×3;;;IU)(A;;0×2;;;BA)(A;; 0×2;;;LS)(A;; 0×2;;;NS)
So, find the SID of the user or group you want to be given read access to the log. Navigate to the CustomSD value for that log and append the value with the following:
(A;; 0×1;;;SID)
Note that there are three distinct rights that pertain to event logs: Read, Write, and Clear. These rights correspond to the following bits in the access rights field of the ACE string:
1= Read
2 = Write
4 = Clear
So, for your user to have read access, use 0×1 in the string. For read and write access, use 0×3, for read/write/clear access use 0×7 etc.
This site may also assist in the commands for DSGET which is how you find the SID: http://ss64.com/nt/dsget-group.html
Source: http://ferretnotes.wordpress.com/2012/01/31/remote-access-to-event-viewer-windows-server-20032008/