The Windows Firewall Service Fails to start – Checking Privilege Access
As discussed in the previous posts in this series, there can be several causes that will prevent Windows Firewall from starting. In this installment, part 4 of 5 in the series, I will cover specifics of checking access privileges for both Windows Vista and Windows 7.
Checking Privilege access
Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
You can see the privilege access settings by looking at the RequiredPrivileges registry value.
I have listed the values you will find in a default clean install below but it is possible you will have other values.
You can then check the privileges found in the previous step using secpol.msc. Make sure LOCAL SERVICE is listed for each of the privileges listed above.
You can check this by one of the following methods:
Open secpol.msc, right-click the root node (Security Settings), export the data to an .inf file, and then open the .inf file in Notepad.
Note: In the .inf file, make sure the privileges listed above contain the SID of the needed object. For LOCAL SERVICE the SID is S-1-5-19.
Note: The list below is edited to contain only the values we are looking for. There will be more values in the INF.
[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
Open the Local Security Policy MMC (secpol.msc), then drill down to Local Policies / User Rights Assignment.
Find the policy for each of the corresponding privileges (below) and make sure LOCAL SERVICE is listed in each of them.
Replace a process level token
Manage auditing and security log
Bypass traverse checking
Create global objects
Impersonate a client after authentication
Adjust memory quotas for a process
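The INF check from the first method can be scripted. The following PowerShell is an added example, not part of the original post: the function name Test-PrivilegeRights is hypothetical, and the sample data is constructed from the listing above with LOCAL SERVICE removed from SeAuditPrivilege so that one row fails.

```powershell
# Privileges and SID are the ones in the [Privilege Rights] listing on this page.
$RequiredPrivileges = @(
    'SeChangeNotifyPrivilege', 'SeAuditPrivilege', 'SeIncreaseQuotaPrivilege',
    'SeAssignPrimaryTokenPrivilege', 'SeImpersonatePrivilege', 'SeCreateGlobalPrivilege'
)
$LocalServiceSid = 'S-1-5-19'
function Test-PrivilegeRights {
    param(
        [string[]]$InfLines,
        [string[]]$Privileges = $RequiredPrivileges,
        [string]$Sid = $LocalServiceSid
    )
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            $name, $value = $Matches[1], $Matches[2]
            # Holders are comma separated; SIDs carry a leading '*'.
            $rights[$name] = @($value -split ',' | ForEach-Object { $_.Trim().TrimStart('*') })
        }
    }
    foreach ($name in $Privileges) {
        [pscustomobject]@{
            Privilege       = $name
            InExport        = $rights.ContainsKey($name)
            HasLocalService = (@($rights[$name]) -contains $Sid)
        }
    }
}

# Constructed sample: the page's listing with *S-1-5-19 removed from SeAuditPrivilege.
$sample = @'
[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeAuditPrivilege = *S-1-5-20
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
'@ -split "`r?`n"
Test-PrivilegeRights -InfLines $sample | Format-Table -AutoSize
# On a live system, from an elevated prompt, check a real export instead:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Test-PrivilegeRights -InfLines (Get-Content "$env:TEMP\rights.inf")
```

The SID comparison is an exact match on each comma-separated entry, so a longer SID that merely begins with S-1-5-19 is not counted as LOCAL SERVICE.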
Missing privileges can be added via Registry Editor as follows:
In my next installment, I will cover Firewall service dependencies.
While I do very much appreciate this it feels slightly incomplete or already not conclusive. After step five you get a nice list of permissions. At this point the tutorial gets a little fuzzy and wants you to do what is in the screenshot above which should be leaving the permissions completely empty. Would be nice if this was written out vs assuming.