Hello,
I am trying to write a script so that a non-administrator user can
create a plain text file of all the event logs. I have successfully
done this for the system and application logs however I am unable to get
the script to work for the security log.
I know I need to have the security privilege (group policy - manage
audit and security) which I do however the user is still unable to
create a plain text file of the security log. Another weird thing -
when I log on with the user account and use event viewer to view the
logs I can view the security log once!! If I refresh the view or change
to another log and come back event viewer reports that I do not have the
privilege to view the security log!!!
Are there any other security privileges that the user needs to have?
Is there another way to allow a non-administrator to create plain text
files of all event logs?
P.S. The script works for all event logs when logged in as administrator
and does not work even if the user belongs to the power user group.
***START OF SCRIPT***
' Ask for confirmation before writing anything to e:
result = msgbox("Are you sure you want to copy event logs to e: ?", _
    vbQuestion + vbOKCancel, "Copy Event Logs")
if result = 1 then   ' 1 = vbOK
    set WshNetwork = WScript.CreateObject("WScript.Network")
    strComputerName = WshNetwork.ComputerName

    ' Output file prefix: e:\<year>_<month>_<day>_<computer name>
    dtmThisDay = Day(Now)
    dtmThisMonth = Month(Now)
    dtmThisYear = Year(Now)
    strFilename = "e:\" & dtmThisYear & "_" & dtmThisMonth & "_" & _
        dtmThisDay & "_" & strComputerName

    strComputer = "."
    set FSys = CreateObject("Scripting.FileSystemObject")

    ' Connect to WMI on the local machine, requesting the Backup and
    ' Security privileges for this connection
    set objWMIService = GetObject("winmgmts:" & _
        "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")

    ' Enumerate every event log on the machine
    set colEventLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventlogFile")
    for each objLogFile in colEventLogFiles
        ' Fetch all events that belong to this log
        set colLogFiles = objWMIService.ExecQuery( _
            "Select * from Win32_NTLogEvent WHERE LogFile = '" & _
            objLogFile.LogFileName & "'")

        ' One text file per log; 2 = ForWriting, True = create if missing
        strName = strFilename & "_" & objLogFile.LogFileName & ".txt"
        set TStream = FSys.OpenTextFile(strName, 2, True)
        TStream.WriteLine "Backup of " & objLogFile.LogFileName & " Event Log"
        TStream.WriteLine ""
        TStream.WriteLine "Type, Time, Source, Category, Event, User, Computer"

        ' Write one comma-separated line per event
        For each objEvent in colLogFiles
            strEvent = objEvent.Type & ", " & objEvent.TimeGenerated & ", " & _
                objEvent.SourceName & ", " & _
                objEvent.CategoryString & ", " & objEvent.EventCode & _
                ", " & objEvent.User & ", " & _
                objEvent.ComputerName
            TStream.WriteLine(strEvent)
        Next

        ' Close the file before moving on to the next log
        TStream.Close
    Next
    Wscript.Echo "Event logs backed up"
end if
***END OF SCRIPT***
Thanks,
-MICK-