56202: Acronis Cyber Protect Cloud, Acronis Cyber Protect: required managed machine service user rights

Last update: 09-02-2023

Acronis Managed Machine Service user should be assigned these privileges:

  1. Included in the Backup Operators and Administrators groups. On a Domain Controller, the user must be included in the group Domain Admins.
  2. Granted the Full Control permission on the folder %PROGRAMDATA%\Acronis (in Windows XP and Server 2003, %ALLUSERSPROFILE%\Application Data\Acronis) and on its subfolders.
  3. Assigned these user rights:
    • Log on as a service
    • Adjust memory quotas for a process
    • Replace a process level token
    • Modify firmware environment values

During installation, you can specify an existing user or create a new one. The specified user will be granted necessary rights during installation. In case you need to specify the rights manually (e.g. when changing the user later), please follow these instructions.

More information

You can verify the required privileges on the machine in one of these ways:

With Acronis system information report

  1. Collect Acronis system information and open the archive.
  2. In msinfo32report.nfo, find Acronis Managed Machine Service user:
  3. Open rights_assign.txt and navigate to the [Privilege Rights] section. Here you can check whether Acronis Managed Machine Service user is granted the necessary privileges. Check whether this user is listed in:
    1. SeIncreaseQuotaPrivilege for "Adjust memory quotas for a process"
    2. SeAssignPrimaryTokenPrivilege for "Replace a process level token"
    3. SeServiceLogonRight for "Log on as a service"
    4. SeSystemEnvironmentPrivilege for "Modify firmware environment values"

With a special tool

  1. Download detectprivileges.zip and unzip it
  2. On the machine where you want to check privileges, log in under the user that is used for running Acronis Managed Machine Service or use "Run as" feature to start Command Prompt under that user.
  3. Launch Command Prompt and navigate to the folder where the tool is stored. Run Detect Privileges tool and save output to a file, e.g.:
    DetectPrivileges.exe > report.txt 
  4. Check the created report and adjust the necessary privileges.