Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Access Denied to the NTDS VSS Writer

View products that this article applies to.


NTDS Writer will throw a very vague event in the event log when it fails due to lack of permissions:

EventSystem warning 4354 : "The COM+ Event System failed to fire the RequestWriterInfo method on subscription. The subscriber returned HRESULT 80070005"

↑ Back to the top


This failure is due to the account being used to initiate the backup not having the appropriate level of permissions.  The documentation on MSDN indicates that the user needs to be a member of the Administrator Group, the Backup Operators Group of running as the Local System account.  On a Windows 2003 Server Domain Controller if you remove the Administrator account from the Domain Administrators group it is still a member of the BuiltIn\Administrators group, this group by default does not have the proper privileges to invoke the NTDS VSS Writer.

↑ Back to the top


Add the account being used to initiate backups to the Backup Operator Group.

↑ Back to the top

More Information

Security Considerations for Requesters documentation on MSDN: Security Considerations for Requesters

Third party backup vendors may use the technique of extracting the system files from a volume snapshot.  If backup software uses this method, the backup will not include the NTDS.dit file in the system state even though it was in the original volume snapshot.

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2005257
Revision : 6
Created on : 4/10/2019
Published on : 4/10/2019
Exists online : False
Views : 495