When you configure a custom location for the Windows Firewall log file in Windows Vista, information may not be written to the log file. For example, if you configure Windows Firewall logging settings to create the C:\Custom folder\Firewall.log file, information may not be written to that log file.Note
By default, the Windows Firewall log is in the %windir%\System32\LogFiles\Firewall folder.
This issue may occur when the Windows Firewall service account does not have Write permissions for the folder where the log file is created. If you configured the file location by using Group Policy, the permissions on the folder where the log file is created are not set. Therefore, the Windows Firewall service account does not have Write permissions unless you configure them manually.Note
If you use the netsh advfirewall context or the Windows Firewall with Advanced Security Microsoft Management Console snap-in to configure the file location directly on a computer, the Windows Firewall service configures the folder permissions automatically.
To resolve this issue, manually give the Windows Firewall service account Write permissions for the folder where the log file is created. To manually change the folder permissions, follow these steps:
- Locate and then right-click the folder that you have specified for the logging file, and then click Properties.
- Click the Security tab, and then click Edit.
- Click Add, type NT SERVICE\mpssvc in the Enter object names to select box, and then click OK.
- In the Permissions dialog box, verify that MpsSvc has Write access, and then click OK.
These steps do not work in earlier versions of Windows because service security identifiers (SIDs) are not available in these versions.