I recently installed Wireshark on a Win 7 host, but now it won't let me start the NPF service. I get:
C:\Windows\system32>net start npf
System error 5 has occurred.
Access is denied.
That's strange, because I am in the local admins group, and the SDDL string for the 'npf' service shows that the RP and WP permissions are allowed to the built-in administrator group.
C:\Windows\system32>net localgroup
Aliases for \\DOC
-------------------------------------------------------------------------------
*Administrators
*Backup Operators
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*IIS_IUSRS
*Network Configuration Operators
*Offer Remote Assistance Helpers
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Replicator
*Users
The command completed successfully.
C:\Windows\system32>sc sdshow npf
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
Clearly I am missing something, but what?
It sounds like you're not running it from an elevated command prompt. From the GUI you can
click Start > Type cmd > right click > Run As Administratorand try again.From an unelevated command prompt you can do
runas /user:domain\user cmd