The Windows Firewall Service Fails to start – Registry Permissions

As discussed in my previous posts in this series, there can be several causes that will prevent the Windows Firewall from starting. In this installment, part 3 of 5, I will cover specifics of checking registry permissions.


Checking Registry Permissions

You can verify the permissions in Registry Editor by right-clicking each of the following registry keys and choosing Permissions. Then, highlight the desired account and click Advanced. Then highlight the desired account (again) and click Edit.

Depending on the operating system version, either NT Service\MpsSvc or NT Service\BFE needs permissions for the following keys as described below (note that HKEY_LOCAL_MACHINE has been shortened to HKLM):

HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
  • Windows Vista: NT Service\BFE – Query Value, Set Value, Create Subkey, Enumerate Sub Keys, Notify, Read Control
  • Windows 7: NT Service\BFE – Query Value, Set Value, Create Subkey, Enumerate Sub Keys, Notify, Read Control
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy
  • Windows Vista: NT Service\MpsSvc – Full Control
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value, Create SubKey, Enumerate SubKeys, Notify, Delete, Read Control
HKLM\SYSTEM\CurrentControlSet\Services\ShareAccess\Epoch
  • Windows Vista: NT Service\MpsSvc – Query Value, Set Value
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value
HKLM\SYSTEM\CurrentControlSet\Services\ShareAccess\Epoch2
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
  • Windows Vista: NT Service\MpsSvc – Full Control
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value, Create SubKey, Enumerate SubKeys, Notify, Delete, Read Control

Reviewing registry permissions for Windows Vista:

clip_image002

Reviewing registry permissions for Windows 7:

clip_image003

What’s next?

In my next blog post in this series, I will cover access privileges.

|1|left|yes
Pin It