2

I recently installed Wireshark on a Win 7 host, but now it won't let me start the NPF service. I get:

```
C:\Windows\system32>net start npf
System error 5 has occurred.

Access is denied.
```

That's strange, because I am in the local admins group, and the SDDL string for the 'npf' service shows that the RP and WP permissions are allowed to the built-in administrator group.

```
C:\Windows\system32>net localgroup

Aliases for \\DOC

-------------------------------------------------------------------------------
*Administrators
*Backup Operators
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*IIS_IUSRS
*Network Configuration Operators
*Offer Remote Assistance Helpers
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Replicator
*Users
The command completed successfully.
```


```
C:\Windows\system32>sc sdshow npf

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
```

Clearly I am missing something, but what?

MDMarra
David Bullock
  • WinPCap 4.1.2 I even un-installed and re-installed it. Then, as the same user, failed to start it using "net start npf". :-( McAfee is running on the machine, but isn't jumping up and down about stuff. – David Bullock Nov 16 '11 at 13:26
  • I even re-booted. Same problem. – David Bullock Nov 16 '11 at 14:01
  • Although it might not be the solution you want, have you tried something like `sc sdset (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;YOUR_USER_SID)` assuming that it's not something silly like executing from the wrong user. EDIT: And check your GPO – user Nov 16 '11 at 14:15
  • Relevant [http://serverfault.com/questions/55961/is-it-possible-to-use-group-policy-to-grant-the-permission-to-manage-windows-ser](http://serverfault.com/questions/55961/is-it-possible-to-use-group-policy-to-grant-the-permission-to-manage-windows-ser) – user Nov 16 '11 at 14:22
  • I can try assigning direct to a user, although I didn't want to have to (like you suspected). Thanks for the link to the GPO info. 1am here ... a job for the morning, to be sure. (edited) – David Bullock Nov 16 '11 at 14:23
  • Is that an elevated command window? (If so, the title bar will say Administrator: cmd.exe instead of just cmd.exe.) – Harry Johnston Nov 16 '11 at 21:15

1 Answer

4

It sounds like you're not running it from an elevated command prompt. From the GUI you can click Start > Type cmd > right click > Run As Administrator and try again.

From an unelevated command prompt you can do `runas /user:domain\user cmd`

MDMarra
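Decoding the service DACL quoted in the question shows which trustees actually hold the start right, which is what the elevation answer above turns on. This is an added example, not part of the original posts; the function names and the friendly trustee labels are assumptions chosen here, and only allow ACEs are evaluated because the quoted DACL contains no deny entries.

```python
import re

# Service-specific meaning of the two-letter SDDL rights codes.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# SID aliases that appear in the question's output (labels are ours).
TRUSTEES = {"SY": "Local System", "BA": "Builtin Administrators",
            "IU": "Interactive users", "SU": "Service logon users"}

# DACL from the question's `sc sdshow npf`, console line wrap removed.
NPF_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")

ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_service_dacl(sddl):
    """Return {trustee: set(rights)} for the allow ACEs in a service DACL."""
    sddl = "".join(sddl.split())              # tolerate wrapped console output
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]   # drop any SACL part
    result = {}
    for ace in ACE_RE.findall(dacl):
        fields = ace.split(";")               # type;flags;rights;obj;inh;sid
        if len(fields) < 6:
            raise ValueError("malformed ACE: " + ace)
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        if ace_type != "A":                   # assumption: deny ACEs not modelled
            continue
        names = {SERVICE_RIGHTS.get(c, c) for c in re.findall("..", rights)}
        result.setdefault(TRUSTEES.get(sid, sid), set()).update(names)
    return result

def can_start(sddl, trustee):
    """True if an allow ACE grants SERVICE_START (RP) to the trustee."""
    return "SERVICE_START" in parse_service_dacl(sddl).get(trustee, set())

if __name__ == "__main__":
    for who, rights in parse_service_dacl(NPF_SDDL).items():
        print(f"{who}: {', '.join(sorted(rights))}")
    print("IU can start npf:", can_start(NPF_SDDL, "Interactive users"))
```

RP is granted to SY and BA only. Under UAC an unelevated token carries the Administrators group as deny-only, so it is matched by the IU entry, which lacks RP.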