Event log permissions in Server 2008

Configuring the permissions for an event log in Server 2003 and earlier required processing the SDDL at this registry entry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD

To get the SDDL in Server 2008, use the following PowerShell:

$currentSddl = ([xml](wevtutil.exe gl $logName /f:xml)).channel.channelAccess

And to write it back:

wevtutil sl $logName /ca:$newSddl