Is there a way to grant users access to the Application Event Log on a server without making them a PowerUser on the server?
There are other tools that we can use (syslog or elmah), but it would be easier if we can just grant access to the log.
I just want to be able to open up eventvwr and "Connect to Another Computer".
Sounds like you want to modify the default ACL on the event log. If you're using Windows Server 2003 SP1 or newer you can do this (if not, sorry-- it's hard-coded into Windows in older verisons).
Have a look at this article, for starts: http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
That tells you how to use the settings in the registry to manipulate the ACL on the event logs. After that, it gives you some advice on using Group Policy to distribute the change, but it's really up to you to make it happen.
You're going to have to learn how to deal with SDDL syntax, which is just plain ugly, in order to do what you're looking for, but it's definately feasible. (Also see http://blogs.technet.com/askds/archive/2008/04/18/the-security-descriptor-definition-language-of-love-part-1.aspx and http://blogs.technet.com/askds/archive/2008/05/07/the-security-descriptor-definition-language-of-love-part-2.aspx).
Some more background is in these articles: