I was working on updating servers when I came across SQL Server 2005 SP4 patch failing to install.  I was able to locate the installation logs in the SQL Server folder.  The reason for failure was that it could not add user NT AUTHORITY\SYSTEM to local group that just happened to be a domain group.  I wasn’t sure if this server used to be a domain controller, but it can have an effect on SQL Server installations as indicated by http://support.microsoft.com/kb/925976. [more]

I started combing through the registry under the Microsoft SQL Server path as listed in the above KB article to see if I could spot any of the keys.  Inside of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.3\Setup, I saw registry key SQLGroup with a SID that belonged to the domain group listed in the SQL install log.  The way you tell what the SID is mapped to is using a tool called PsGetSid from sysinternals.

I then decided to look up the SID for the local Administrators group using the PsGetSid utility, and then I changed the SQLGroup key data to the SID of the Builtin\Administrators group.  I restarted the SQL services to make sure they could restart after the change.

This time, the install worked and the log was clean.  I did see that NT Authority\System shows up in the local Administrators group on the server.