Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Required User Rights for the Upgrade from Windows 2000 to Windows Server 2003


View products that this article applies to.

This article was previously published under Q323042

↑ Back to the top


Summary

When you try to upgrade a Windows 2000 Server computer to Windows Server 2003, you may receive the following message:
You must be an Administrator to run this application.
NOTE: You may receive this message even if you are logged on to the server as Administrator:

This behavior may occur if the administrative rights that you need are either not defined or have been disabled because of a policy setting on the local computer or in the domain.

This article summarizes the user rights that you need to upgrade a computer from Windows 2000 to Windows Server 2003 Standard Edition or to Windows Server 2003 Enterprise Edition.

↑ Back to the top


More information

You need the following rights to upgrade Windows 2000 to Windows Server 2003 Standard Edition or to Windows Server 2003 Enterprise Edition:
  • Back up files and directories
  • Modify firmware environment values
  • Restore files and directories
  • Shutdown the system
Additionally, your security context or role determines your ability to complete Windows Setup. The following two tables illustrate the capacity in which you must be logged on to successfully complete Windows Setup, where Yes indicates that you can upgrade to Windows Server 2003 when logged on in that role, and where No indicates that you cannot upgrade to Windows Server 2003 in that role.

When Logged On to the Root Domain


Role                  Servers in the            Servers in a
                      root domain               subdomain

                      Domain        Member      Domain        Member
                      Controller    Server      Controller    Server

Enterprise
Administrator         Yes (1)       No          Yes            No   

Domain
Administrator         Yes (2)       Yes (3)     No             No  

Builtin 
Administrator         Yes           No          No             No
					

When Logged On to a Non-Root Domain


Role                  Servers in the            Servers in a
                      root domain               subdomain

                      Domain        Member      Domain        Member
                      Controller    Server      Controller    Server

 
Domain
Administrator         No            No          Yes (2)        Yes (3)  

Builtin
Administrator         No            No          Yes             No 
					
NOTE:
  • Intrinsically, members of the Builtin Administrators group can upgrade the operating system (OS) and install programs on the computer.

  • By default, Enterprise administrators are members of the Builtin Administrators group in the root domain.

  • By default, Domain administrators are members of the Builtin Administrators group in a domain.

  • By default, Domain administrators are members of the Builtin Administrators group on member servers in their domain.
To make sure that you can successfully upgrade to Windows Server 2003 Standard Edition or to Windows Server 2003 Enterprise Edition, follow these steps:
  1. Verify the user rights assignments by using the Local Security Settings snap-in. To do this, follow these steps.

    NOTE: If a policy is already applied at the domain, site, or organizational unit level that removes the necessary rights, you must modify the Group Policy of the domain.
    1. Click Start, click Run, type secpol.msc in the Open box, and then click OK.
    2. In the Local Security Settings snap-in, expand Local Policies, and then double-click User Rights Assignment.
    3. In the policy list, verify that the Administrators group under which you want to install Windows Server 2003 has the following user rights assigned:
      • Back up files and directories
      • Modify firmware environment values
      • Restore files and directories
      • Shutdown the system
    4. To add a right, double-click the policy, click Add, click the user or group that you want in the Name list, click Add, and then click OK two times.
    5. Quit the Local Security Settings snap-in.
  2. Disable or modify any policies at the domain, site, or organizational unit level that prevent the assignment of the correct user rights.

    For additional information about Group Policy, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB323042, kbinfo, kberrmsg

↑ Back to the top

Article Info
Article ID : 323042
Revision : 13
Created on : 9/28/2007
Published on : 9/28/2007
Exists online : False
Views : 414