Fixing registry permissions errors when starting services on Windows Vista

[www.tuxx-home.at] - Website of Alexander Griesser - Sat, 16/01/2010 - 4:01pm
Today I got a notebook in my hands which failed to start several essential network services, like NLA, DHCP, ...
The error message shown in the event log when trying to start the NLA service was:
The service "NLA (Network Location Awareness)" has stopped with the
following service specific error: 3221226008

The system might also show the following error code:
1073741288

The solution to this fix is pretty simple, it's a registry permissions problem. Although I do not know what actually caused this issue, the system internal user "SERVICE" (or "DIENST" in german) needs to be added to the services registry hive in CCS and assigned special permissions to read and create values as well as enumerate subkeys.
To do this, start "regedit" and browse to the location of the failing service. For NLA, this is
HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters

Right click this key and add the user "SERVICE" to the list of allowed users. Assign the following special permissions to it: READ VALUE, CREATE SUBKEYS, ENUMERATE SUBKEYS.
That's all you need to do to fix this issue, start the service again then and repeat these steps for all other services too.

I used sysinternals (err, Microsofts) Process Monitor with some filters to find out the failing registry key, I suggest you have that running in the background too, it makes finding out the failing keys pretty easy.

If you have a lot of registry permission errors or if something is seriously f*ked up, try to restore the registry permissions to their default values with the following command:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose /areas REGKEYS

More information about this procedure can be found in KB313222.