We want to create two separate admin roles: security admin and system admin.
Security admin should only be able to configure logging and read the security log (using GPO or directly configuring each member server).
System admin should be able to do more or less everything else except for configuring logging and reading security logs. For example: install software, configure various aspects of Windows, etc.
Is this even at all possible to accomplish? How?