Microsoft KB Archive/323042

= Required User Rights for the Upgrade from Windows 2000 to Windows Server 2003 =

Article ID: 323042

Article Last Modified on 9/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition

-



This article was previously published under Q323042





SUMMARY
When you try to upgrade a Windows 2000 Server computer to Windows Server 2003, you may receive the following message:

You must be an Administrator to run this application.

NOTE: You may receive this message even if you are logged on to the server as Administrator:

This behavior may occur if the administrative rights that you need are either not defined or have been disabled because of a policy setting on the local computer or in the domain.

This article summarizes the user rights that you need to upgrade a computer from Windows 2000 to Windows Server 2003 Standard Edition or to Windows Server 2003 Enterprise Edition.



MORE INFORMATION
You need the following rights to upgrade Windows 2000 to Windows Server 2003 Standard Edition or to Windows Server 2003 Enterprise Edition:
 * Back up files and directories
 * Modify firmware environment values
 * Restore files and directories
 * Shutdown the system

Additionally, your security context or role determines your ability to complete Windows Setup. The following two tables illustrate the capacity in which you must be logged on to successfully complete Windows Setup, where Yes indicates that you can upgrade to Windows Server 2003 when logged on in that role, and where No indicates that you cannot upgrade to Windows Server 2003 in that role.

When Logged On to the Root Domain
 Role                 Servers in the            Servers in a                      root domain               subdomain

Domain       Member      Domain        Member Controller   Server      Controller    Server

Enterprise Administrator        Yes (1)       No          Yes            No

Domain Administrator        Yes (2)       Yes (3)     No             No

Builtin Administrator        Yes           No          No             No

When Logged On to a Non-Root Domain
 Role                 Servers in the            Servers in a                      root domain               subdomain

Domain       Member      Domain        Member Controller   Server      Controller    Server

Domain Administrator        No            No          Yes (2)        Yes (3)

Builtin Administrator        No            No          Yes             No

NOTE:
 * Intrinsically, members of the Builtin Administrators group can upgrade the operating system (OS) and install programs on the computer.


 * By default, Enterprise administrators are members of the Builtin Administrators group in the root domain.


 * By default, Domain administrators are members of the Builtin Administrators group in a domain.


 * By default, Domain administrators are members of the Builtin Administrators group on member servers in their domain.

To make sure that you can successfully upgrade to Windows Server 2003 Standard Edition or to Windows Server 2003 Enterprise Edition, follow these steps:  Verify the user rights assignments by using the Local Security Settings snap-in. To do this, follow these steps.

NOTE: If a policy is already applied at the domain, site, or organizational unit level that removes the necessary rights, you must modify the Group Policy of the domain.  Click Start, click Run, type secpol.msc in the Open box, and then click OK. In the Local Security Settings snap-in, expand Local Policies, and then double-click User Rights Assignment. In the policy list, verify that the Administrators group under which you want to install Windows Server 2003 has the following user rights assigned:  Back up files and directories</li> Modify firmware environment values</li> Restore files and directories</li> Shutdown the system</li></ul> </li> To add a right, double-click the policy, click Add, click the user or group that you want in the Name list, click Add, and then click OK two times.</li> Quit the Local Security Settings snap-in.</li></ol> </li> Disable or modify any policies at the domain, site, or organizational unit level that prevent the assignment of the correct user rights.

For additional information about Group Policy, visit the following Microsoft Web site:

http://technet.microsoft.com/library/Bb742376.aspx

</li></ol>

Additional query words: kbactivedirectory

Keywords: kberrmsg kbinfo KB323042

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.