Add Folder Permissions to Virtual Account “NT SERVICE\MSSQLSERVER”

If you need to manually add folder permissions to a virtual Windows accounts, like "NT SERVICE\MSSQLSERVER", the process is a little different than adding folder permissions to other accounts.

For example you have a .bak backup file in a folder that is not accessible by SQL Server when you browse for the file, and you are trying to manually restore the database. You need to add read permission to the folder where the backup file is located to the account that is running SQL Server service.

Or if you have an error in Event log caused by insufficient permissions for the service startup account:
Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\LogFiles\Sum\Api.log

...and you want to add read and write permissions manually to the service account used by SQL Server (sqlservr.exe) to access the C:\Windows\system32\LogFiles\Sum folder. If the service account is a Virtual Account "NT SERVICE\MSSQLSERVER", here is the process:

- Right-click the file or folder you want to set permissions
- click Properties
- click the Security tab.
- click Edit
- click Add

Type NT SERVICE\MSSQLSERVER in the object name box. (don't click "Check Names" - if you click Check Names it can happen that you get an error 'An object named "NT SERVICE\MSSQLSERVER" cannot be found.)

add_folder_permissions_1

Click OK

If you get a window to choose from multiple objects that match the name entered, choose MSSQLSERVER account:

add_folder_permissions_2

Add permissions that are needed to the MSSQLSERVER account:

add_folder_permissions_3

If the post helped you, please share it:
Pin It

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">