How to identify the source of the bug:
- Download and run “Process Monitor”.
- Add filters:
- Image path contains "svchost" then Include.
- Result contains "access".
- Try to start the firewall - it will show you cause - the access error on the registry key (e.g. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess").
How to identify if the solution can fix your problem:
Add permission: add user ‘Everyone’ and give it ‘Full Control’. Retry, it should work… Remove the user ‘Everyone’ which is not the right way to solve the problem.
The problem probably lie in the fact that you are missing another permission on every “Epoch” key under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess”.
Solution:
The solution had been tested for the firewall but should probably could be applied to other services. See “Identify the source of the bug” to identify if it apply to your service and what registry key you need to modify.
This solution apply at least for the Windows Firewall service:
- Open regedit and navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess".
- Add Permissions (Query Value and Set Value) to all Epoch keys for user MpsSvc:
- Right click "Epoch?" and select Permissins... (where ? is either nothing or 2 or 3 or …).
- Press Add...
- Press Locations..., select current machine (first one usually) and confirm.
- Write user NT SERVICE\mpssvc, press Check Names and confirm (this step could be problematic because this system user is "hidden").
- Check “Allow” “Full Control” (it is temporary in order to set advanced permissions).
- Press Advanced, select “MpsSvc” and press Edit.
- Press Show advanced permissions and check only “Query Value” and “Set Value”.
- Press OK to accept, press OK to accept again, press OK to accept again.
- Do that for all “Epoch” entries.
Your done… Good luck!