Question

Access denied for backup operator user

Asked by: johnnash1180

Hi,

I am writing an application to copy files from one said location to another location for backup. I am enabling my process the
SeBackupPrivilege privilege by LookupPrivilegeValue function. My application's logon user is a member of backup operator group. My application is designed to copy any files, of any user, irrespective of user permission to the destination location/

My application works fine for XP and above OSes. But, I am getting access denied for the files/folders with are configured for access to particular user only in Windows 2000 systems [for both pro and advanced server OSes]. Am I missing anything....?

I am compiling my application in Windows XP SP2 OS. Is this is causing issue? If so, is there a way to resolve this issue, with out compiling application in Windows 2000 system.

Thanks in advance.

John Nash.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-03-07 at 08:24:59ID24208805
Tags

LookupPrivilegeValue

,

SeBackupPrivilege

,

SE_BACKUP_NAME

,

Windows 2000

,

Access Denied

Topics

Windows 2000 Operating System

,

Windows MFC Programming

,

Windows 2000 Server

Participating Experts
2
Points
500
Comments
11

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Registry Privileges.
    Hi. Just wondered what privilege I need to enable to write to the registry. (Windows NT, obviously.) Or, even better, is there a list of all the Se.......Privilege values anywhere? Thanks, John.
  2. dbstart "Insufficient Privileges"
    The Problem: When attempting to run dbstart I receive an "Insufficient Privileges" error. The Pertinent Information: - Database: Oracle 9i, Release 2 (9.2.0.1.0) - OS: Red Hat Linux AS (7.2) - Logon user|group: oracle dba - SYS password: oracle ...
  3. WMI Privileges
    Hi, my domain users have policies to run logon logoff vbs script. I must denied logon for some users. This is the code: ...... For Each os In GetObject("winmgmts:{impersonationLevel=impersonate,(shutdown,remoteshutdown)}!//" + objNet.Comput...
  4. "Access is denied" message when installing SP2
    I have a Windows XP Home SP1 PC that needs SP" and some anti-virus software loading onto it. SP2 install gets to 'Installing MSMSGS.INF' then stops with the error 'Access is Denied', SP2 rolls back and all is normal again. So far have tried: Uninstalling Avast AV and so...
  5. Cannot backup 2003 Exchange mailboxes; "Logon ac…
    For some reason, I have a logon failure when attempting to set up a backup job for our new exchange 2003 server. I installed the remote agent and rebooted the target machine no problem, but when I go to create the job, when I click the folder "Microsoft Exchange Mailbox...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: Gideon7Posted on 2009-03-07 at 16:22:00ID: 23827325

ERROR_ACCESS_DENIED can be triggered if another process has the file open, regardless of your privilege level.  The only workaround is to create a volume snapshot using VSS (which of course doesn't exist on W2K).

Try also enabling SeRestorePrivilege.

 

by: johnnash1180Posted on 2009-03-08 at 23:12:35ID: 23833409

Thanks for reply.
At first, I suspected that the files may be is use by other applications. But by further analysis, the application not even list the files in the specified folder.

I tried to provide access for those folder to my application's logon user and it works.

I think that the SeRestorePrivilege is to get write permission on the specified folders/files. However, I will try that also.

Any other solution experts?

 

by: johnnash1180Posted on 2009-03-09 at 04:40:24ID: 23834743

I tried providing restore permission too. But, it still fails.

I attached the code I am using.

Any Ideas?

HANDLE tknHdl;
BOOL stat = FALSE;
if(OpenProcessToken (GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tknHdl))
{
	LUID val;
	if(LookupPrivilegeValue(NULL, SE_BACKUP_NAME, &val))
	{
		TOKEN_PRIVILEGES newState;
		DWORD error;
 
		newState.PrivilegeCount           = 1;
		newState.Privileges[0].Luid       = value;
		newState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
		SetLastError( ERROR_SUCCESS );
 
		stat = AdjustTokenPrivileges (tknHdl, FALSE, &newState, (DWORD) 0, NULL, NULL );
 
		if( (error = GetLastError()) != ERROR_SUCCESS )
		{
			stat = FALSE;
		}
 
		if( !stat )
		{
			wprintf( L"AdjustTokenPrivileges for %s permission failed with error number %d.", SE_BACKUP_NAME, error );
		}
	}
}

                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:

Select allOpen in new window

 

by: johnb6767Posted on 2009-03-10 at 20:50:28ID: 23853825

May be a simple solution......

RegMon for Windows v7.04
http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx

FileMon for Windows v7.04
http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx

Set the filter at the top to Include "yourapp.exe", to highlight "access denied", and then try and recreate the errors by launching the application..........Then go to these apps, and look for the red, and it will tell you where the permissions are broken, and might lead you on the right track of narrowing it down.....

Or even use the new and improved utility form Sysinternals, that contains them both....

Process Monitor v1.22
http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx

 

by: johnnash1180Posted on 2009-03-13 at 09:20:41ID: 23880965

Hi,

Tried monitoring the application using FileMon application. The result is,

QUERY INFORMATION - E:\Test\PermissionTest\NoAccess\tstfile.txt - ACCESS DENIED - Attributes: Error

OPEN - E:\Test\PermissionTest\NoAccess\ - SUCCESS - Options: Open Directory  Access: 00100001

DIRECTORY - E:\Test\PermissionTest\NoAccess\ - SUCCESS - FileBothDirectoryInformation: testfile1.pl

QUERY INFORMATION - E:\Test\PermissionTest\NoAccess - SUCCESS - Attributes: DA

CLOSE      E:\Test\PermissionTest\NoAccess\      SUCCESS      

OPEN - E:\Test\PermissionTest\NoAccess\Subfolder\ - SUCCESS - Options: Open Directory  Access: 00100001

QUERY INFORMATION - E:\Test\PermissionTest\NoAccess\Subfolder\ - SUCCESS - FileBothDirectoryInformation: testfile2.pl

I manually disabled the access for my applications logon user to the folder "E:\Test\PermissionTest\NoAccess\".

Any suggestions please.. .

John Nash.

 

by: johnnash1180Posted on 2009-03-26 at 03:25:03ID: 23988740

Hi Experts,

Any other update on this issue...?
Am I missing anything obvious specific to Windows 2000 OS?

Thanks.

 

by: Gideon7Posted on 2009-03-26 at 14:27:41ID: 23995529

You are indicate that you are writing your own backup application.  Therefore presumably you have the source code.  Which Win32 API is failing, and what is the source code context?

The QUERY INFORMATION op is used by many different Win32 API calls: GetFileAttributes, FindFirstFile, CopyFile, MoveFile, etc.

Are you trying to use CopyFile()?  That won't work.  You need to open the file with the flag FILE_FLAG_BACKUP_SEMANTICS.  Neither CopyFile nor MoveFile set the flag when they call CreateFile internally.

Microsoft uses the undocumented function PrivCopyFileExW.  It sets the FILE_FLAG_BACKUP_SEMANTICS when it calls CreateFile internally.

For mere mortals the only supported way to back up a file while bypassing all security is to exlpicitly call CreateFile with FILE_FLAG_BACKUP_SEMANTICS, and then use the documented APIs BackupRead or BackupWrite.  This is the only way to reliably capture all metadata associated with the file (alternate streams, sparseness, DACL, SACL, attributes, extended attributes, hard links, object ID, etc.)

 

by: johnnash1180Posted on 2009-03-31 at 08:47:31ID: 24030191

No, I am not trying the CopyFile API. I am just trying to access file attributes using GetFileAttributes function and my application is failing at that place.

Any idea?

 

by: Gideon7Posted on 2009-03-31 at 10:17:52ID: 24031214

GetFileAttributes does not use FILE_FLAG_BACKUP_SEMANTICS on Windows 2000.  

Call CreateFile with FILE_FLAG_BACKUP_SEMANTICS to create the file handle.  Pass the file handle to GetFileInformationByHandle to get the BY_HANDLE_FILE_INFORMATION structure.  Inspect the dwFileAttributes member of the rBY_HANDLE_FILE_INFORMATION structure to get the file attributes

This works going all the way back to Windows NT and Windows 95.

 

by: johnnash1180Posted on 2009-11-01 at 22:02:49ID: 31555331

My issue is still not resolved. By the way, the suggestions shed light in the path to resolve this issue.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...