![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 4%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
KB 2000257 itself is not included in the provided material, so its full text cannot be reproduced.
However, the 3 local security policies that are required for SQL Server setup when running as a local administrator are documented:
- Backup files and directories (
SeBackupPrivilege) - Debug programs (
SeDebugPrivilege) - Manage auditing and security log (
SeSecurityPrivilege)
If any of these rights have been removed from the account running SQL Server Setup, installation can fail. When SMB file shares are used for data, log, TempDB, or backup directories, the setup account also needs:
- FULL CONTROL on the SMB network share folder
-
SeSecurityPrivilegeon the SMB file server
If the three local policies are already configured as required and the failure is immediate with no SQL setup logs yet, verify specifically that:
- The account running setup actually holds these three rights in Local Security Policy (or via domain policy), not just that the policies look correct.
- No hardening GPO is removing or overriding these rights after logon.
- If using SMB shares for any SQL directories, the setup account has FULL CONTROL on the share and
SeSecurityPrivilegeon the file server as described.
To inspect the current privileges on the setup account, use the AccessChk tool as suggested in the FAQ:
accesschk.exe -a <domain\setupaccount> *
This will show whether SeBackupPrivilege, SeDebugPrivilege, and SeSecurityPrivilege are actually granted to the account that is running SQL Server Express 2022 setup.
References: