locked
Backup Operator can't create backups - "You must be logged on as an administrator" RRS feed

  • Question

  • Hi All,

    I'm running some trials with Win7 before we deploy it fully, and I'm having problems being able to configure/run backups.

    Background Info:

    • Computers are joined to a Windows Domain [2K8 & 2K3 DC's]
    • My test account is just a standard user, but I've added them to the 'Backup Operators' group on the trial computer(s)
    • When I try to configure a backup, I receive the UAC prompt and authenticate as the trial user

    After that though, I get an error message saying:

    The backup application could not start due to an internal error:
    
    
    
    You must be logged on as an administrator to perform this task.
    
    (0x81000010)

    I've tried searching for an answer, but I haven't really come up with anything helpful.

    Any ideas / suggestions on how I might be able to fix this?

     

    Tuesday, June 8, 2010 6:45 AM

Answers

  • Hi,

     

    To troubleshoot the issue, please try the following steps.

     

    1. Add the standard user to AppLocker.

     

    Type Secpol.msc in Search box in Start menu> Application Control Policies > AppLocker > Executable Rules > New hash rule for Backup Operators to allow them to use sdclt.exe

     

    2. Tried to add user in the following GPO:

     

    Computer Configuration>Windows settings>Security settings> Local policies>User rights assignements> Back up files and directories.

     

    3. Plug an external hard drive and try to back up information to the driver for a test.

     

    Thanks,

    Novak

    • Marked as answer by Novak Wu Monday, June 21, 2010 1:35 AM
    Wednesday, June 9, 2010 2:46 AM

All replies

  • Hi,

     

    To troubleshoot the issue, please try the following steps.

     

    1. Add the standard user to AppLocker.

     

    Type Secpol.msc in Search box in Start menu> Application Control Policies > AppLocker > Executable Rules > New hash rule for Backup Operators to allow them to use sdclt.exe

     

    2. Tried to add user in the following GPO:

     

    Computer Configuration>Windows settings>Security settings> Local policies>User rights assignements> Back up files and directories.

     

    3. Plug an external hard drive and try to back up information to the driver for a test.

     

    Thanks,

    Novak

    • Marked as answer by Novak Wu Monday, June 21, 2010 1:35 AM
    Wednesday, June 9, 2010 2:46 AM
  • Hello

     

    I have the very same issue: same error code when trying to configure backup but only since I joined my corporate domain.

    I performed the steps you indicated without noticing any improvement.

     

    Would you have any other leads? Could I provide any log helping in troubleshooting this?

    Thanks in advance.

    Wednesday, August 11, 2010 1:27 PM
  • I have the same issue after joining domain, did you every find an answer?
    Tom
    Monday, February 21, 2011 6:29 PM
  • 1 - Makes no sense and was a red herring, nobody mentioned AppLocker. (And I couldn't find the path to sdclt.exe anyway...existing documentation is *very* sparse.

     

    2 - Pointed me in the right direction, but couldn't modify the local policy. The AD policy had a certain group listed, we had to add the local administrator's group to the policy, one gpupdate and logout/login later, and it's fixed!


    --Seek Truth, and you will find Joy!
    Tuesday, June 28, 2011 8:54 PM
  • I found that if I login as the network administrator at my work, it lets me create a backup. Didn't work with any other login. Must be some security policy that my network admin setup...
    Monday, August 6, 2012 5:04 PM
  • the > in the instruction separates the steps:

    1. in start menu search box type in secpol.msc (same as going to admin tools, local security policy)

    2. in policy mmc go to application control policies then applocker,

    3. right click on Executable Rules and select create new rule

    4. under action select allow - for user or group select and change location to local computer and in object type in Backup Operators

    5. click on File Hash

    6. click on browse Files (incidentally takes you to windows\system32)

    7. start typing in sdclt.exe and it'll auto fill or scroll to find it

    8. enter description if you like or not

    click Create

    Thursday, September 13, 2012 7:36 PM