If you try to get the Security Eventlog from a Domain Controller by using the Get-Eventlog in Powershell you get the error “Requested registry access is not allowed”
In Windows 2008 and 2008 R2 there is a builtin groups called Event Log Readers. Even if you add a user to the group you will get the same error.
Go to KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
Right click and Add Read permissions for Event Log Readers.