Best practice for file share containing log files from users

Hi All..
Sorry about sort of double posting however this is a more defined question on what to do.
I hope it's ok :)

I have a group of people who are using a remote desktop program and all their actions must be logged at a central storage. That's no problem however my users should not be able to guess their way into this file share and edit any of the files, but they have to be able to write to share because each time a new connection is startet, a new log file is created.

Now to the question: How do I configure the share permissions and NTFS permissions according to best practice?

Please note that I have some kind of working solution however I don't want my users to be able to guess their way into the log files.

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.