Problem
I connected to a server with a local user account (not a user in the domain) which is part of the Administrators group. I tried to install the Windows patch and received the following error message.
Solution
- I went to c:\windows and saw a log by the same name as the patch
- I opened the log and searched for: Failed To Enable. I found the following:
0.329: Failed To Enable SE_BACKUP_PRIVILEGE
0.329: Setup encountered an error: You do not have permission to update Windows Server 2003.
Please contact your system administrator.
0.329: You do not have permission to update Windows Server 2003.
================================================================================
0.329: Failed To Enable SE_RESTORE_PRIVILEGE
0.329: Setup encountered an error: You do not have permission to update Windows Server 2003.
Please contact your system administrator.
0.329: You do not have permission to update Windows Server 2003.
================================================================================
- According to Microsoft’s article: http://support.microsoft.com/kb/888791, in order to install a Windows update patch you’ll need the following permissions:
  - Back up files and directories
  - Restore files and directories
  - Manage auditing and security log
  - Take ownership of files or other objects
  - Shut down the system
  - Debug programs
- On the server where you received the error message, go to Start > Run, type gpedit.msc, and press Enter
- Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
- The log reports failures for SE_BACKUP_PRIVILEGE and SE_RESTORE_PRIVILEGE, which means the account does not hold the Back up files and directories and Restore files and directories rights.
- If you double-click the definition and you can’t add your user (it’s grayed out), this means that it comes from the domain. In my case these two definitions came from the domain controller’s group policy. I changed these definitions back to “Not Defined” on the domain controller. Otherwise add the user manually.
- Afterwards, on the domain controller, go to Start > Run > cmd and run gpupdate /force
- To make sure the change has taken effect on the domain controller, go to Start > Run > rsop.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
- After making sure that the definition has changed on the domain controller, go back to the server with the error message and restart it.
Yaron & Idit 🙂
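The log check from the steps above can be scripted. The following is an added example, not part of the original post or of Microsoft's article: it scans the patch log text for "Failed To Enable" lines and reports which user right to look up under User Rights Assignment. The function name is hypothetical, and only the first two privilege tokens are confirmed by the log above; the other four are assumed to follow the same naming pattern.

```python
import re

# Log token -> user right name as shown under User Rights Assignment.
# SE_BACKUP_PRIVILEGE and SE_RESTORE_PRIVILEGE appear in the log above.
# The remaining four tokens are an assumption (same naming pattern applied
# to the other rights the post lists).
RIGHTS = {
    "SE_BACKUP_PRIVILEGE": "Back up files and directories",
    "SE_RESTORE_PRIVILEGE": "Restore files and directories",
    "SE_SECURITY_PRIVILEGE": "Manage auditing and security log",
    "SE_TAKE_OWNERSHIP_PRIVILEGE": "Take ownership of files or other objects",
    "SE_SHUTDOWN_PRIVILEGE": "Shut down the system",
    "SE_DEBUG_PRIVILEGE": "Debug programs",
}

# Matches lines such as "0.329: Failed To Enable SE_BACKUP_PRIVILEGE".
FAILED = re.compile(r"^\s*\d+\.\d+:\s*Failed To Enable\s+(SE_[A-Z_]+)", re.I)


def missing_rights(log_text):
    """Return [(token, right name)] for each distinct failed privilege, in log order."""
    seen = []
    for line in log_text.splitlines():
        match = FAILED.match(line)
        if match:
            token = match.group(1).upper()
            if token not in seen:  # the installer may log a failure more than once
                seen.append(token)
    return [(t, RIGHTS.get(t, "unknown right, check the KB article")) for t in seen]


# Sample input: lines taken from the log quoted in the post.
SAMPLE_LOG = """\
0.329: Failed To Enable SE_BACKUP_PRIVILEGE
0.329: Setup encountered an error: You do not have permission to update Windows Server 2003.
0.329: You do not have permission to update Windows Server 2003.
0.329: Failed To Enable SE_RESTORE_PRIVILEGE
0.329: Setup encountered an error: You do not have permission to update Windows Server 2003.
"""

if __name__ == "__main__":
    for token, right in missing_rights(SAMPLE_LOG):
        print(f"{token}: grant or un-define '{right}' for the installing account")
```

To use it on a real server, read the log under c:\windows into a string and pass it to missing_rights.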
Thanks for the Help! You were very clear on the instructions! Thanks a lot! 🙂
Thank you so much… I had a similar issue, and after disjoining and adding the server from domain… all went smooth
Having read this I believed it was extremely informative. I appreciate you taking the time and effort to put this informative article together. I once again find myself spending a significant amount of time both reading and posting comments. But so what, it was still worth it!
Like your website, very good information. Thanks