0X0000023B

Fixing ERROR_IO_PRIVILEGE_FAILED (0x0000023B) in Windows

Windows Errors Intermediate 👁 1 views 📅 May 28, 2026

This IO privilege error shows up when a program lacks the right to access hardware like drives or ports. Here's how to fix it without wasting time.

When This Error Shows Up

You're working on a file server or running a backup tool like Veeam, Acronis, or even a simple robocopy script. Suddenly, the job fails with ERROR_IO_PRIVILEGE_FAILED and the code 0x0000023B. Or maybe you're trying to image a drive with dd or Disk2vhd, and Windows yanks the rug out from under you. Had a client last month who couldn't run their nightly backup to a USB drive — this exact error popped up every time the software tried to read the disk's raw sectors.

Another common trigger: using chkdsk /f on a system drive that's mounted as read-only. Or trying to mount a VHDX file from a network share. Bottom line — Windows is telling you the program doesn't have the privilege level it needs to talk directly to the hardware.

Why It Happens

The root cause is simple: Windows Security is blocking a specific set of privileges called SeBackupPrivilege and SeRestorePrivilege. These are the "back up files and directories" and "restore files and directories" rights. Without them, a program can't bypass file-level permissions to read or write raw disk sectors. This is by design — it keeps malware from cloning your hard drive. But it also blocks legitimate tools.

Most often, the program running isn't elevated — it's running under a user account that doesn't have these privileges, or it's a service that's not configured to use them. You'll also see this if the Volume Shadow Copy service is borked, or if the target drive has a weird partition layout (like a GPT disk with a protective MBR that's corrupt).

Fix 1: Run the Program as Administrator (Quick Check)

This fixes about 60% of cases. Right-click the program's shortcut or .exe, pick Run as administrator. If the error goes away, you need to set it to always run elevated.

  1. Right-click the shortcut, choose Properties.
  2. Go to the Compatibility tab.
  3. Check Run this program as an administrator.
  4. Click OK.

If it's a scheduled task or service, you'll need to assign the logon account the Back up files and directories and Restore files and directories user rights. Open Local Security Policy (secpol.msc), go to Local Policies > User Rights Assignment, and add the account to both privileges. Then restart the task or service.

Fix 2: Grant SeBackupPrivilege via Registry (For Stubborn Cases)

If elevation doesn't work, the problem might be that the privilege is explicitly denied in the registry. This happens sometimes after a Windows update or a third-party security tool locks things down.

  1. Open Regedit as Administrator.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
  3. Look for a DWORD called LimitBlankPasswordUse. If it's set to 1, change it to 0 — but only if you're sure about blank password policies. For most, it's fine.
  4. More directly, check HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts — but that's a rabbit hole. Instead, use the command line to grant the privilege.

Fix 3: Use the Command Line to Grant Privileges (The Real Fix)

This is what I use for servers. Open an elevated command prompt (run as admin) and use ntrights (from the Windows Resource Kit) or the built-in secedit tool. I prefer ntrights because it's direct.

ntrights +r SeBackupPrivilege -u YourUserName
ntrights +r SeRestorePrivilege -u YourUserName

If you don't have ntrights, you can download it from Microsoft's site (it's in the Windows Server Resource Kit). Or use PowerShell:

$user = 'YourDomain\YourUserName'
$privileges = 'SeBackupPrivilege', 'SeRestorePrivilege'
foreach ($priv in $privileges) {
    $tmp = [System.Security.Principal.NTAccount]($user)
    $tmp.Translate([System.Security.Principal.SecurityIdentifier])
    # Then use secedit to apply — but it's messy
}

Honestly, just grab ntrights. It's a tiny exe that saves hours.

Fix 4: Check Volume Shadow Copy and Disk Drivers

If the error happens during backup or disk imaging, your Volume Shadow Copy service might be in a bad state. Open an admin command prompt and run:

sc query vss
sc query swprv

Both should show STATE : 4 RUNNING. If not, start them:

net start vss
net start swprv

Also check your disk drivers. Open Device Manager, expand Disk drives, right-click your drive, choose Properties > Driver tab. If the driver is from 2006, update it. I've seen ancient IDE drivers cause this on modern servers.

What If It Still Fails?

If none of this works, the problem is likely environmental. Had a case where a client's backup software was hitting this error on a drive that had a dirty bit set — fsutil dirty query E: returned Dirty. A chkdsk fixed it. Another time, the drive was formatted as FAT32 and the backup tool was trying to read beyond the 4GB file limit. Reformatting as NTFS solved it.

Also check for BitLocker or EFS encryption on the target drive. If the program doesn't have the encryption key, it gets this error. Decrypt the drive or grant the program access to the encrypted container.

Last resort: boot into Safe Mode and try the operation there. If it works in Safe Mode, a third-party driver or security software is the culprit. Process of elimination from there.

Was this solution helpful?

ERROR_IO_PRIVILEGE_FAILED 0x0000023B IO privilege error Windows error fix disk access denied USB device error hardware access denied run as administrator driver conflict registry fix SeBackupPrivilege SeRestorePrivilege chkdsk error backup software error file server issue