LUA for STAS service account

Question

I understand that STAS is watching the Security log on a DC from a remote machine in order to map users to IP addresses. Typically, you have to be a member of Administrators to read the Security log. On a DC, that means you have to be a member of Domain Admins. Using a Domain Admin account for a service account is a security worst practice. 
 I was unable to locate any documentation on Sophos web site for creating a service account that had only the minimal permissions needed for this, but I found that Juniper has recommendations for their equivalent for STAS that sounds like it could work for STAS-- 
 https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/nt291/Windows%202008_2012%20non-admin%20for%20event%20log%20query.pdf 
 If I do steps 1-5 in that article, will that provide the permissions needed for a STAS service account? Will Sophos consider writing a similar article for their KB? 
 Thanks!

LuCar Toni · Accepted Answer

Serverfault talks about this in more detail: 
 https://serverfault.com/questions/28520/which-permissions-rights-does-a-user-need-to-have-wmi-access-on-remote-machines 
 
 Also you need to have access to the server logs. 
 https://social.technet.microsoft.com/Forums/windowsserver/en-US/e4202b79-4e23-4d21-8e16-e4d3372b259c/nonadministrator-access-to-dc-event-logs?forum=winserverGP

FormerMember · Answer

Hi IT IT7, 
 The minimum permissions required for a non-administrator domain account to install and configure STAS are Execute method and Remote Enable. You have to allow those two permissions to the user. 
 Thanks,