We have had an on-going issue on our network for some time that I finally resolved. Our network is a Windows 2008 domain environment using (obviously) AD and employing GPOs to enforce quite a few policies. Most of the client machines are Windows 7 with a few remaining XP machines in place just for a little variety.
The issue we have had is that end-users were not able to manually able to create restore points. When a user tried to create one manually, they would get the following error:
The restore point could not be created for the following reason:
Not all privileges or groups referenced are assigned to the caller. (0x80070514)
Please try again.
If the PC was removed from the domain, manual restore points could once again be created. So the source of the problem appeared to be a GPO. However a check of the GPO System restore settings were set to the default "not configured" (meaning that System restore was enabled. The GPO allows the System restore to be UI and SR configuration to be disabled, but the alternative to allow System Restore to function is simply to set these settings to "not configured".)
A check of the registry on effected machines showed nothing unusual either. GPOs and Registry seemed to check out.
So back to the message. The phrase "Not all privileges or groups referenced" piqued my curiosity. I decided to look at the GPO and focus on the local security policy. There, in User Rights Assignments I saw one that was interesting: "Back Up Files and Directories". This setting was set to domain admins. I added domain users to this privilege and rebooted.
Ta-da! Once again users we able to manually create restore points.