Configure Adams or Configure Client - SeSecurityPrivilege Error
Problem
Configure Client
When running Configure Client to setup a new client machine an "Access NOT Granted" error occurs.
---------------------------
Access NOT Granted
---------------------------
Access not granted to adams administrators
Error getting access rules for container: Foray Adams Client Key Container
The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
---------------------------
OK
---------------------------
In the above error "adams administrators" could be a different group or user account.
Configure Adams
Accessing Configure Adams > Keys > Refresh Access reports the following errors.
Error getting access rules for container: Foray Adams Key Container
The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
Adams Admin reports the following errors. Note, Adams Admin reports these errors for other reasons as well.
Failed to decrypt RSA key in C:\inetpub\wwwroot\AdamsAdmin\Secrets.config Current user is NT AUTHORITY\NETWORK SERVICE
Failed to decrypt using provider 'ForayRsaProtectedConfigurationProvider'.
Error message from the provider: The RSA key container could not be opened. (C:\inetpub\wwwroot\AdamsAdmin\Secrets.config)
The RSA key container could not be opened.
Cause
The user running Configure Adams or Configure Client doesn't have the SeSecurityPrivilege
even when elevating the application to have administrative privileges.
SeSecurityPrivilege
is a standard privilege of the Administrators group but it can be removed.
To determine whether the user has the privilege:
- Click Start, click Run, type Command Prompt, and then press Enter
- Type whoami /priv and then press Enter
- If the
SeSecurityPrivilege
privilege is not in the list, then the user does not have the privilege.
Solution
To resolve this issue the SeSecurityPrivilege
needs to be granted to the user running Configure Adams or Configure Client.
- Log on to the computer as a user who has administrative credentials.
- Click Start, click Run, type Control admintools, and then click OK.
- Double-click Local Security Policy.
- In the Local Security Settings dialog box, click Local Policies, double-click User Rights Assignment, and then double-click Backup Files and Directories.
- In the Backup Files and Directories Properties dialog box, click Add User or Group.
- In the Select User or Groups dialog box, type the user account that is being used for setup, and then click OK two times.
- Repeat the procedure for the other two policies that are mentioned in the Cause section (i.e. Debug Programs, Manage auditing and security log)
- On the File menu, click Exit to close the Local Security Settings dialog box.
- You may need to log out and log back in for the settings to take effect.
Resources
SQL Server installation fails if the Setup account doesn't have certain user rights
Manage auditing and security log
© 2023 Foray, LLC - All Rights Reserved