Troubleshooting
Problem
Error 1314 - "A required privilege is not held by the client" may be encountered when an attempt is made to start a service on Microsoft Windows XP, 7, 8.1 or Windows server 2008 or 2012. This document describes the cause of the error and includes directions for setting up user accounts so that the error is not generated.
Cause
Error 1314 - A required privilege is not held by the client might be encountered in Microsoft Windows XP, 7, 8.1 or Windows server 2008 or 2012 when starting the IBM i Access for Windows Remote Command Service.
This error is typically encountered when the service has been configured to log on as a specific account rather than the system account. To start correctly as a specific account, that account must hold the following rights:
o | Act as part of the operating system |
o | Increase quotas (not required for Windows XP clients) |
o | Log on as a service (see note) |
o | Replace process level token |
To add these rights for Windows computers that are not part of a domain, do one of the following:
o Open a Windows 'Run' prompt and run secpol.msc
o Go to the Windows toolbar and click Start > Control Panel > Administrative Tools > Local Security Policy.
Next, expand Local Policies and select User Rights Assignment, then take the following steps for each right that must be added (using 'Log on as a Service' as an example):
1 | Locate Log on as a Service and double-left-click it to open the Log on as a service Properties window. |
2 | Click on the Add User or Group button. |
3 | Click on the Object Types button. |
4 | On the Object Types window, select Users. Deselect any other option. Click on the OK button. |
5 | On the Select Users or Groups window, click on the Advanced button. |
6 | On the resulting window, click on the Find Now button. This will return a list of PC users. |
7 | Select the user that you want to give the right to, and click the OK button. |
8 | On the next window, click the OK button. |
9 | You should be back on the Log on as a service Properties window and displaying the Local Security Setting tab. |
10 | The user that was given the Log on as a service right should be displayed as COMPUTER_NAME\User_Name. |
11 | Click on the Apply button and then the OK button. |
12 | This takes you back to the Local Security Settings window. |
13 | Repeat the steps for Act as part of the operating system and Replace process level token. |
To add these rights for computers that are part of a Domain:
The policy that is being enforced on the computer must be edited. Once the policy is edited, the server must be restarted for the changes to take effect. Refer to the 'NOTE' in Microsoft Article 272587 or contact your domain administrator or Microsoft for additional assistance.
Note: The Local System Account should (by default) have all of the required rights. If it does not, it can be given rights in the same manner that they are given to user accounts. To do so, follow the steps above. Select SYSTEM from the Select Users or Groups screen as shown below:
Note: These steps are used to give Microsoft Windows users the necessary rights to start a service. IBM i Global Support Center does not provide support for setting Microsoft Security. These steps are provided as a courtesy only. If additional assistance is required, contact Microsoft Support.
Was this topic helpful?
Document Information
Modified date:
18 December 2019
UID
nas8N1019929