You might try server operators group. You might even be able to use a
regular user account if that user has the proper ntfs permissions to the
logs and files it needs to clean up though a regular user can not clear the
security log if you have that in mind unless that account has the user right
to mange audit and security logs. User rights that you may want to assign to
the user to accomplish the job could be right to manage audit and security
logs, logon as batch job, and backup files and directories. Enabling
auditing of privilege use for failure could help determine if the account
needs any additional user rights to do it's job that it can not currently
do.
You can also configure the user rights for logon locally, deny logon
locally, access this computer from the network, and deny access to this
computer from the network to restrict what user accounts can access. Keep in
mind that the lack of a user right is an implicit deny and that deny user
rights override allow user rights. Refer to the Windows 2000 Security Guide
for more specifics on user rights and built in groups as shown in the links
below. The whole guide can be downloaded for free.--- Steve
http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/appxb.mspx
http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/05sconfg.mspx