This check can be accomplished, but you have to turn it upside down a bit. Your logic is correct, but since you are dealing with multiple values you will need to do the following:
E0 : User rights (Names): Impersonate a Client after authentication <LIST> =~ /Administrators|Local\s*Service|Network\s*Service/i
E1: User rights (Names): Impersonate a Client after authentication <LIST> !~ /Administrators|Local\s*Service|Network\s*Service/i
E0 and Not E1 will be your formula.
You were close, but the first expression looks to make sure that any of the items in the regex will be found in the list [you needed to drop the parenthesis because that doesn't exist in the data collected]. Then you need to do a double negative to make sure that there are not any other accounts assigned to this user right. so expression E1 reads, User rights (names): Impersonate a client after authentication <List> no match /Administrators|Local\s*Service|Network\s*Service/i then you have to use the "Not" in the formula expression to make sure no other accounts exists for this User right. This is the only way I have been able to accomplish this. I haven't tried it in a while, but you may need to create a separate expression for each account that you want to verify is in the list as well
Hope this helps,