It's a new server running Windows Server 2008 R2 SP1 in an existing domain that earlier had an Exchange organisation that was subsequently removed (so this is a new Exchange organisation installation). I'm installing Exchange 2010 SP1. When I run Exchange setup, I get the "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" error in the installation GUI. It also appears in the Setup log, which I have repeated below: [02-20-2011 17:22:42.0041] [2] Active Directory session settings for 'Set-LocalPermissions' are: View Entire Forest: 'True', Configuration Domain Controller: 'Server.domain.local', Preferred Global Catalog: 'Server.domain.local', Preferred Domain Controllers: '{ Server.domain.local }' [02-20-2011 17:22:42.0041] [2] Beginning processing Set-LocalPermissions [02-20-2011 17:22:42.0446] [2] [ERROR] Unexpected Error [02-20-2011 17:22:42.0446] [2] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0477] [2] Ending processing Set-LocalPermissions [02-20-2011 17:22:42.0493] [1] The following 1 error(s) occurred during task execution: [02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0493] [1] 0. ErrorRecord: System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetDirectorySecurity(String path, DirectorySecurity directorySecurity) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.ChangePermissions[TTarget,TSecurity,TAccessRule,TRights](XmlNode targetNode, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel[TTarget,TSecurity,TAccessRule,TRights](XmlNode permissionSetNode, String targetType, Dictionary`2 rightsDictionary, GetTarget`1 getTarget, GetOrginalPermissionsOnTarget`2 getOrginalPermissionsOnTarget, SetPermissionsOnTarget`2 setPermissionsOnTarget, CreateAccessRule`2 createAccessRule, AddAccessRule`2 addAccessRule, RemoveAccessRuleAll`1 removeAccessRuleAll) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.SetPermissionsOnCurrentLevel(XmlNode permissionSetNode) at Microsoft.Exchange.Management.Deployment.SetLocalPermissions.InternalProcessRecord() [02-20-2011 17:22:42.0493] [1] [ERROR] The following error was generated when "$error.Clear(); Set-LocalPermissions " was run: "The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.". [02-20-2011 17:22:42.0493] [1] [ERROR] The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. [02-20-2011 17:22:42.0493] [1] [ERROR-REFERENCE] Id=AllRolesCommonFirst___00573a17b6e34c26842a6646830d57fa Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup [02-20-2011 17:22:42.0493] [1] Setup is stopping now because of one or more critical errors. [02-20-2011 17:22:42.0493] [1] Finished executing component tasks. [02-20-2011 17:22:42.0633] [1] Ending processing Install-BridgeheadRole I did some research and people said to run policytest.exe to check the security policy. When I run policytest I get this error: =============================================== Local domain is "domain.local" (DOMAIN) LookupAccountName returned error 1332 Abnormal exit from PolicyTest So clearly something is amiss with the AD / Policy config. Where do I go from here?

I managed to solve the SeSecurityPrivilege issue by going through all of my Group Policy Object files and removing the definitions for the "Manage the Auditing and Security Log" policy. The policy was defined in a few of my GPOs and contained two unidentified and unresolved SID entries. I now have Exchange 2010 installed okay, but I still get LookupAccountName 1332 errors when I run policytest.

Hi, Thank you for your update and I'm glad to hear that Exchange server is installed successfully. The solution is useful if other forum user has the same problem in future. Meanwhile, regarding to the LookupAccountName 1332 error, please refer to the following steps to troubleshoot the issue. 1) Open the Default Domain Controllers Security Settings snap-in on the domain controller specified in the event description. 2) In the console tree, under Security Settings, expand Local Policies, and then click User Rights Assignments. 3) In the results pane, double-click Manage auditing and security log. Verify that both the Exchange Servers group and the Exchange Enterprise Servers group are listed. 4) Make sure that the Exchange server is still a member of the Exchange Domain Servers group. Also, make sure that the Exchange Domain Servers group is a member of Exchange Enterprise Servers group. 5) Make sure that the group permissions are inherited by the Microsoft Exchange computer account. Besides, please run NetDiag and DCDiag to check whether the network connection and dc connection is all right.(If any error occur, please post here.) Thanks. Novak Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

In our situation we had this error trying to recover Exchange 2010 on our first Exchange 2010 SP2 server. We upgraded the OS from Windows 2008R2 SP1 standard to Enterprise so we could configure DAGs. We would get the same error during recovery setup when it got to the mailox role install. But we had no issues with our group policy or rights for SeSecurityPrivilidge with policytest.exe, our DC's all passed. In our case once we got this error Exchange 2010 was already in a partially recovered state and we had to manually remove it before we could attempt a recovery again, nor could we remove roles or uninstall it. This is what we should have done to avoid this problem and recover from start to finish: Rebuild Server with Windows Server Enterprise 2008R2. SP1 must be installed locally on sight as well as ALL available Windows updates before remote access works properly. Reset the computer account in AD and join it to the domain same name. Reboot. Turn off Windows Firewall must remain running and set to automatic. However If possible I advise turning it off in the control panel. Install all Exchange 2010 prerequisites for mailbox server role: Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart Make sure that the server is a member of the Exchange Domain Servers Exchange group in ADUC. Open command prompt on Exchange server as administrator: C:\policytest.exe: Results should be: Right found: "SeSecurityPrivilege" on all DC's. Reboot.Open Power Shell and run the following command: C:\Set-ExecutionPolicy -executionpolicy unrestricted -scope localmachineC:\get-executionPolicy list and make sure local machine is set to unrestricted. Open a command prompt, run as administrator: Set Command Prompt to Exchange SP2 source file directory.Run the following command to recover server: setup.com /m:recoverserver 10. Wait for the install to complete successfully and reboot the server. 11. Open EMS and run the following command to mount the mailbox databases: C:\get-mailboxdatabase -server Yourserver | mount-database 12. Open EMC and make certain all mailbox databases are currently mounted. 13. Remount any Public Database stores in EMC. Keep in mind if you already have a failed recovery attempt like we did you will need to delete all of your Exchange program files and registry keys and reboot as outlined here in this article. You can pick up at step 8 once you get everything removed and reboot. I followed this article to remove Exchange and get back to the point where I could run recovery mode again after the initial failure: http://penguyen.wordpress.com/tag/error-clear-rolebinpathservicecontrol-ps1-enableservices-critical/ Sure hope this helps someone because we've had at lot of issues with Power Shell execution with Server 2008R2 SP1 and Exchange 2010.