Microsoft KB Archive/929455

= When you configure a custom location for the Windows Firewall log file in Windows Vista, information may not be written to the log file =

Article ID: 929455

Article Last Modified on 3/15/2007

-

APPLIES TO


 * Windows Vista Enterprise 64-bit edition
 * Windows Vista Home Basic 64-bit edition
 * Windows Vista Home Premium 64-bit edition
 * Windows Vista Ultimate 64-bit edition
 * Windows Vista Business
 * Windows Vista Business 64-bit edition
 * Windows Vista Enterprise
 * Windows Vista Home Basic
 * Windows Vista Home Premium
 * Windows Vista Ultimate
 * Windows Vista Starter

-



SYMPTOMS
When you configure a custom location for the Windows Firewall log file in Windows Vista, information may not be written to the log file. For example, if you configure Windows Firewall logging settings to create the C:\Custom folder\Firewall.log file, information may not be written to that log file.

Note By default, the Windows Firewall log is in the %windir%\System32\LogFiles\Firewall folder.



CAUSE
This issue may occur when the Windows Firewall service account does not have Write permissions for the folder where the log file is created. If you configured the file location by using Group Policy, the permissions on the folder where the log file is created are not set. Therefore, the Windows Firewall service account does not have Write permissions unless you configure them manually.

Note If you use the netsh advfirewall context or the Windows Firewall with Advanced Security Microsoft Management Console snap-in to configure the file location directly on a computer, the Windows Firewall service configures the folder permissions automatically.



RESOLUTION
To resolve this issue, manually give the Windows Firewall service account Write permissions for the folder where the log file is created. To manually change the folder permissions, follow these steps:
 * 1) Locate and then right-click the folder that you have specified for the logging file, and then click Properties.
 * 2) Click the Security tab, and then click Edit.
 * 3) Click Add, type NT SERVICE\mpssvc in the Enter object names to select box, and then click OK.
 * 4) In the Permissions dialog box, verify that MpsSvc has Write access, and then click OK.

Note These steps do not work in earlier versions of Windows because service security identifiers (SIDs) are not available in these versions.

Keywords: kbtshoot kbexpertiseinter kbprb KB929455

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.