Add Folder Permissions to Virtual Account “NT SERVICE\MSSQLSERVER”

If you need to manually add folder permissions to a virtual Windows accounts, like "NT SERVICE\MSSQLSERVER", the process is a little different than adding folder permissions to other accounts.

For example you have a .bak backup file in a folder that is not accessible by SQL Server when you browse for the file, and you are trying to manually restore the database. You need to add read permission to the folder where the backup file is located to the account that is running SQL Server service.

Or if you have an error in Event log caused by insufficient permissions for the service startup account:
Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\LogFiles\Sum\Api.log

...and you want to add read and write permissions manually to the service account used by SQL Server (sqlservr.exe) to access the C:\Windows\system32\LogFiles\Sum folder. If the service account is a Virtual Account "NT SERVICE\MSSQLSERVER", here is the process:

- Right-click the file or folder you want to set permissions
- click Properties
- click the Security tab.
- click Edit
- click Add

Type NT SERVICE\MSSQLSERVER in the object name box. (don't click "Check Names" - if you click Check Names it can happen that you get an error 'An object named "NT SERVICE\MSSQLSERVER" cannot be found.)


Click OK

If you get a window to choose from multiple objects that match the name entered, choose MSSQLSERVER account:


Add permissions that are needed to the MSSQLSERVER account:


For named instances, the virtual account that needs the folder permissions depends on the named instance name. For example if the maned instance is Test, add permissions to following virtual account: