It's a new server running Windows Server 2008 R2 SP1 in an existing domain that earlier had an Exchange organisation that was subsequently removed (so this is a new Exchange organisation installation). I'm installing Exchange 2010 SP1. When I run Exchange setup, I get the "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" error in the installation GUI. It also appears in the Setup log, which I have repeated below: [02-20-2011 17:22:42.0041] [2] Active Directory session settings for 'Set-LocalPermissions' are: View Entire Forest: 'True', Configuration Domain Controller: 'Server.world.local', Preferred Global Catalog: 'Server.world.local', Preferred Domain Controllers: '{ Server.world.local }' [02-20-2011 17:22:42.0041] [2] Beginning processing Set-LocalPermissions [02-20-2011 17:22:42.0446] [2] [ERROR] Unexpected Error [02-20-2011 17:22:42.0446] [2] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0477] [2] Ending processing Set-LocalPermissions [02-20-2011 17:22:42.0493] [1] The following 1 error(s) occurred during task execution: [02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetDirectorySecurity(String path, DirectorySecurity directorySecurity) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.ChangePermissions[TTarget,TSecurity,TAccessRule,TRights](XmlNode targetNode, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel[TTarget,TSecurity,TAccessRule,TRights](XmlNode permissionSetNode, String targetType, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel(XmlNode permissionSetNode) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.InternalProcessRecord() [02-20-2011 17:22:42.0493] [1] [ERROR] The following error was generated when "$error.Clear(); Set-LocalPermissions " was run: "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.". [02-20-2011 17:22:42.0493] [1] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0493] [1] [ERROR-REFERENCE] Id=AllRolesCommonFirst___00573a17b6e34c26842a6646830d57fa Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup [02-20-2011 17:22:42.0493] [1] Setup is stopping now because of one or more critical errors. [02-20-2011 17:22:42.0493] [1] Finished executing component tasks. [02-20-2011 17:22:42.0633] [1] Ending processing Install-BridgeheadRole I did some research and people said to run policytest.exe to check the security policy. When I run policytest I get this error: =============================================== Local domain is "domain.local" (DOMAIN) LookupAccountName returned error 1332 Abnormal exit from PolicyTest So clearly something is amiss with the AD / Policy config. Where do I go from here?