Configure Adams or Configure Client - SeSecurityPrivilege Error

Problem

Configure Client

When running Configure Client to set up a new client machine, an "Access NOT Granted" error occurs.

---------------------------
Access NOT Granted
---------------------------
Access not granted to adams administrators

Error getting access rules for container: Foray Adams Client Key Container

The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
---------------------------
OK  
---------------------------

In the above error, "adams administrators" could be a different group or user account.

Configure Adams

Accessing Configure Adams > Keys > Refresh Access reports the following errors.

Error getting access rules for container: Foray Adams Key Container

The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.

Adams Admin reports the following errors. Note that Adams Admin also reports these errors for other reasons.

Failed to decrypt RSA key in C:\inetpub\wwwroot\AdamsAdmin\Secrets.config Current user is NT AUTHORITY\NETWORK SERVICE

Failed to decrypt using provider 'ForayRsaProtectedConfigurationProvider'.

Error message from the provider: The RSA key container could not be opened. (C:\inetpub\wwwroot\AdamsAdmin\Secrets.config)

The RSA key container could not be opened.

Cause

The user running Configure Adams or Configure Client does not hold SeSecurityPrivilege, even when the application is elevated to run with administrative privileges.

SeSecurityPrivilege is a standard privilege of the Administrators group, but it can be removed.

To determine whether the user has the privilege:

  1. Click Start, click Run, type Command Prompt, and then press Enter.
  2. Type whoami /priv and then press Enter.
  3. If the SeSecurityPrivilege privilege is not in the list, then the user does not have the privilege. A privilege that is listed with the state Disabled is still held by the user.

Solution

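To resolve this issue, SeSecurityPrivilege needs to be granted to the user running Configure Adams or Configure Client. In Local Security Policy, SeSecurityPrivilege appears as the Manage auditing and security log user right.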

  1. Log on to the computer as a user who has administrative credentials.
  2. Click Start, click Run, type Control admintools, and then click OK.
  3. Double-click Local Security Policy.
  4. In the Local Security Settings dialog box, click Local Policies, double-click User Rights Assignment, and then double-click Backup Files and Directories.
  5. In the Backup Files and Directories Properties dialog box, click Add User or Group.
  6. In the Select User or Groups dialog box, type the user account that is being used for setup, and then click OK two times.
  7. Repeat the procedure for the other two policies (i.e., Debug Programs and Manage auditing and security log).
  8. On the File menu, click Exit to close the Local Security Settings dialog box.
  9. You may need to log out and log back in for the settings to take effect.
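
The whoami /priv check from the Cause section and the policy change above can be verified together with the following PowerShell script. This is an added example, not Foray code; it assumes an elevated Windows PowerShell session under the account that runs Configure Adams or Configure Client, and the temporary file name is arbitrary.

```powershell
# Added example (not Foray code): confirm the three user rights named in the
# Solution steps are in the current token and assigned in local policy.
#   SeSecurityPrivilege = Manage auditing and security log
#   SeBackupPrivilege   = Back up files and directories
#   SeDebugPrivilege    = Debug programs
$rights = 'SeSecurityPrivilege', 'SeBackupPrivilege', 'SeDebugPrivilege'

# 1. Current access token. /nh plus explicit headers keeps the parse
#    independent of the Windows display language.
$token = whoami /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State

foreach ($r in $rights) {
    $row = $token | Where-Object Name -eq $r
    if ($row) {
        # Disabled only means "not switched on yet"; the privilege is held.
        '{0,-20} in token, state: {1}' -f $r, $row.State
    } else {
        '{0,-20} NOT in token' -f $r
    }
}

# 2. Local policy assignment. secedit writes the user rights as lines such
#    as "SeSecurityPrivilege = *S-1-5-32-544"; a right assigned to no one
#    has no line at all.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'   # arbitrary name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$pattern = '^({0})\s*=' -f ($rights -join '|')
Select-String -Path $cfg -Pattern $pattern | ForEach-Object {
    $name, $value = $_.Line -split '\s*=\s*', 2
    $accounts = $value -split ',' | ForEach-Object {
        $id = $_.Trim()
        if ($id.StartsWith('*S-')) {
            # Translate SIDs to account names where the lookup succeeds.
            try {
                $sid = [Security.Principal.SecurityIdentifier]$id.TrimStart('*')
                $sid.Translate([Security.Principal.NTAccount]).Value
            } catch { $id }
        } else { $id }
    }
    '{0,-20} assigned to: {1}' -f $name, ($accounts -join '; ')
}
Remove-Item $cfg
```

A right that shows as assigned in part 2 but missing in part 1 usually means the session predates the change, which is why step 9 calls for logging out and back in. If a domain Group Policy defines these rights, it overrides the local setting, and the local change is replaced at the next policy refresh.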

Resources

SQL Server installation fails if the Setup account doesn't have certain user rights

Microsoft Windows Security

Manage auditing and security log


© 2023 Foray, LLC - All Rights Reserved