Diagnostic Policy Service is not running - how to fix? Can't start diagnostic policy service - what should I do? Diagnostic Policy Service won't start error 5

Tips for beginners

Some users of Windows systems based on Windows 7 and above sometimes encounter the problem that when starting some application that involves using a network connection in its work, an error is generated stating that the diagnostic policy service is not running. Let's try to figure out what it is, and why the specified service is needed at all. Among other things, we will give some tips on how to fix the problem in different ways.

What does the message "Diagnostic Policy Service is not running" mean?

First of all, you need to clearly understand that such an error is associated exclusively with the network and Internet settings. When you receive a message that the diagnostic policy service 8 or 7, for example, signals that the user does not have sufficient rights to make changes to settings related to network connections.

This is most often manifested in the case of using the so-called pirated assemblies, and not the official distributions used when installing the system itself. What is most unfortunate is the appearance of a message that the diagnostic policy service cannot be started, although the user has administrative rights (as he thinks) when he logs on to the system. In fact, in systems starting with the "seven", there is also a super administrator account. Have you noticed, after all, that sometimes programs need to be launched through a right-click with a choice from the menu of the appropriate launch type? Of course, this "accounting" can be disabled in the simplest way, however, as practice shows, this does not always work.

The diagnostic policy service is not running: how to fix the situation in the simplest way?

As for the simplest method for fixing a problem that has arisen, first you should make sure that the official version of Windows is installed on the computer terminal or laptop.

Without this, you can not even try to change something, although some manual configuration options may work.

To begin with, after a message appears that the diagnostic policy service is not running, you can try to simply reboot the system or restore it from a checkpoint (rollback) to a previous state (but only on the condition that there were no problems before and it worked fine ). If this does not help, you will have to, as they say, turn on your brains and apply drastic methods.

Editing system registry keys

In principle, the problem of how to start the Windows 7 or 8 diagnostic policy service is solved by editing system registry keys or security policy. Both editors, in general, duplicate settings. Only by making changes in one of them, it will not be possible to cancel their saving in the other.

So what do we need? For starters, call the editor with the regedit command from the Run menu (Win + R). Next, go to the HKLM branch, where, through the System folder tree, go down to the Diag section. In the Network Service group, you need to set the full permission by checking the appropriate "flag" and save the changes. In theory, after rebooting the system, the problem will disappear.

Using the services section for manual start

If the above option does not work, you can do something else. We use the same Run menu and enter the services.msc command.

After entering the service editor, we check the settings of the IPSec security agent, the diagnostic service node and the service itself. If the startup value is set to something other than automatic, it must be changed (for the first and third, set the second to "Manual"). Again, after that you need to reboot the system.

Reset network settings

Now we assume this option: again a message appears stating that the diagnostic policy service is not running. What to do in this case? Everything is simple. You will need to do it if they are registered manually (IP and DNS server address).

For starters, you can set them to receive them automatically.

If this does not help, you should use a command line call, where the following is written:

pconfig /release

ipconfig /renew

ipconfig /flushdns

netsh int ip reset c:\log1.txt

netsh winsock reset c:\log2.txt

Editing access rights

But even this may not be enough. How to start the Windows Diagnostic Policy Service in another way? As easy as pie. We use editing rights to change network settings.

In the standard Explorer, right-click on the letter of the system drive to call the context menu and select properties. On the security tab, use the user groups section and go to advanced settings. Then, after searching for registered users, we look for the LOCAL SERVICE service (the "Change" and then "Add" buttons) and set the rights wherever there is a ban.

Command line comes to the rescue

Finally, one of the fastest ways to get rid of the service not running message is to quickly type in a few commands.

For Russian-language systems, this is the sequence:

net localgroup administrators /add networkservice

net localgroup administrators /add localservice

For English-language versions, everything is the same, only the Russian-language word "Administrators" is changed to Administrators.

Outcome

That, in fact, is all that concerns the launch of the diagnostic service. Of course, for many users, this may seem quite complicated. Nevertheless, in the end, I would like to note that no other methods will be able to correct the situation. So be patient and knowledgeable.

By the way, the choice of a method for solving this problem, although it depends on the user, nevertheless, it must be clearly understood that nothing good will come of duplicating the system registry keys and starting the service from the corresponding editor. Or registry - or services. Worst of all, the service editor takes precedence. That is, if changes are made with its help, it will not be possible to change something in the system registry. So keep that in mind for the future.

But that's not all. The best way, as it turns out, is to use the command line. The fact is that Windows system services in the absence of admin rights may not always work. Moreover, it is the command line that needs to be run as an administrator, otherwise nothing will work. But, in general, this is the most effective method. Although in some cases, standard methods also help.

On the other hand, if the user has a “cracked” version of the operating system itself, no matter how you reinstall it, nothing will work. The service can be blocked at the installation stage at the time of the introduction of the "left" license key. You yourself understand that in this case it is better to install the official modification, and if you have the appropriate hardware, go to the latest version in the form of a dozen. It, of course, also causes criticism among many, but it still “bugs” on as much as the “eight” or its version in the form of version 8.1. And that is why it is recommended to make the transition. And, what is most interesting, you can download the “top ten” for free from the official Microsoft website. You will have to pay for versions 7 and 8 and pay a significant amount for it, which many of our users simply cannot afford.

In general, think for yourself what to do in this case, and which of the above methods to apply. Each of them works well in its own way, and none of them can be discounted. However, there are other methods to get rid of the message that the Diagnostics Policy Service is not running. Due to their complexity, they are not considered. Here are the simplest solutions that can be applied in practice for any systems. Actually it really works. These schemes have been tested by many users in practice, even when using the XP and Vista versions, not to mention the updated developments. But they, despite all their advantages, are also capable of producing such errors. As already clear, you can deal with them using the above methods.

The error often appears on computers with "pirated assemblies" of Windows 7,8,8.1 operating systems. I also fixed a similar error several times on licensed systems.

The main symptom is the inability to get network connection settings, it is impossible to connect to a computer network via LAN. The following entry is recorded in the system logs:
The Network and Sharing Center reports that the child service could not be started.
Windows Network Diagnostic reports: The Diagnostic Policy Service is not running.

You can fix the problem in several ways, I offer some of the working ones.

Method 1: Reset IP and DNS settings for all network connections.
The method works only if the designated services are turned off, which is quite rare.
Commands are executed on the command line (call command line Win+R, cmd Enter). Press Enter at the end of the command.
Reset and get new IP from DHCP server:
ipconfig /release
ipconfig /renew
Flush DNS cache:
ipconfig /flushdns
Complete reset of TCP/IP protocol pool and Winsock protocol:
netsh int ip reset c:\log1.txt
netsh winsock reset c:\log2.txt
After resetting the settings, you need to restart the computer, this can be done on the command line with the command:
shutdown -r -t 0

Method 2: Starting system services
In some cases, the required services were unknowingly disabled by the user during computer setup through system optimizers or a third-party firewall. To run, you need to call the snap Services in any way possible.
Standard access path: Start/Control Panel/System and Security/Administrative Tools/Services
In this snap-in, you need to check the status of the following services:
IPsec Policy Agent
Diagnostic Policy Service
Diagnostic Service HostDiagnostic System Assembly
For the first two, you need to set the launch method Automatically, for the rest - Manually
After that, you need to restart your computer.

Method 3. Adding access rights for the network subsystem.
From here
The solution is somewhat collective farm, so I did not check it myself, but according to reviews on the network, it sometimes works.
We open access to drive C: to LOCAL SERVICE services through the system shell, and not through the line. For this:
Launch Explorer
Right-click on Disk C, select "Properties" from the drop-down menu
in the tabs at the top, select the "Security" snap-in
Under the "Group and users" list, click "Edit"
Next, click "Add", in the next window "Select:" Users and Groups "click" Advanced ". Next, we look for groups of users registered in the system. In the search results, we look for the service" LOCAL SERVICE "further on all questions OK and where denied in access, just continue.Then reboot the system.

Method 4. Allowing network services to write to the system registry.
From here
An error of this kind occurs when the Network Service group is not granted full access to the Diag directory in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\VSS registry branch or the volume shadow copy service system registry setting is corrupted.
To fix the problem, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\VSS branch in the registry editor, right-click on the Diag folder, select "Permissions ...", select the Network Service group, check the box for full control in the "Allow ", click the "Apply", "OK" buttons. If the Diag branch is missing, create it manually and perform all the described manipulations.
After the manipulations, restart the computer.

Method 5: Add network services to the Administrators security group
In fact, the repetition of operations from the 3rd method, but without unnecessary gestures and time spent waiting and applying the settings. I tested the method myself, it works.

For the English system:

net localgroup Administrators /add networkservice
net localgroup Administrators /add localservice
exit
We restart the computer.

For a Russian system:
In any available way, run cmd with Administrator rights, execute the following commands:
net localgroup administrators /add networkservice
net localgroup administrators /add localservice
exit
We restart the computer.

There are other ways to fix this error, for example, by editing local policies, but the above ones are enough for me. So far I have not met with cases where at least one of them did not work.

You can configure the operation of services in a special Windows manager. To open it, use the key combination Windows + R, in the line that appears, type services.msc and press Enter. You will see the same or similar (if you have one of the older OS versions) window:

The manager displays the services in a table. Here you can view the list of available services, read their brief description and find out the current status. Of particular importance is the Startup Type column. It is he who shows whether a particular service is enabled and in what mode it is started by the system.

By double-clicking on one of the services, you will open a window in which you can disable it. It is enough to open the "Startup type" item, select "Disabled" and click "OK". But among other launch options, there is a “Manual” value. For security purposes, select it for all services that you want to disable. This will allow the system to start services when they are really needed and not waste on them the rest of the time.

Do not disable services completely, but only switch them to manual mode.

The services listed below are not critical to the operation of the system, and many users can do without them. Therefore, you can set these services to manual mode. Be sure to read the brief descriptions before making any changes so you don't stop the services that are important to you.

Some of the services from our list may already be completely disabled on your PC or initially work in manual mode. In that case, just skip them.

Mistakes in the process of configuring services can lead to incorrect system operation. When you make changes, you take responsibility.

For the changes to take effect, after setting, do not forget to restart the PC.

Windows services that can be switched to manual mode

The Russian-language names of some services from this list may differ from those that you will see on your computer. But this only applies to wording. If you cannot find the service you need by the exact name, look for options that are similar in meaning.

Windows 10

  • Functionality for connected users and telemetry (Connected User Experiences and Telemetry).
  • Diagnostic Tracking Service.
  • dmwappushsvc.
  • Downloaded Maps Manager - if you are not using the Maps application.
  • Touch Keyboard and Handwriting Panel Service.
  • Windows Defender Service.

Windows 8/8.1

  • Diagnostic Policy Service.
  • Distributed Link Tracking Client - if the computer is not connected to any network.
  • IP Helper - if you are not using an IPv6 connection.
  • Program Compatibility Assistant Service.
  • Print Spooler - if you don't have a printer.
  • Remote Registry - This service can be completely disabled.
  • Secondary logon.
  • Security Center.
  • NetBIOS Helper over TCP/IP (TCP/IP NetBIOS Helper).
  • Windows Error Reporting Service.
  • Windows Image Acquisition (WIA) - if you don't have a scanner.
  • Windows Search - if you do not use the Windows search function.

Windows 7

  • Computer Browser - if the computer is not connected to any network.
  • Diagnostic Policy Service.
  • Distributed Link Tracking Client - if the computer is not connected to any network.
  • IP Helper - if you are not using an IPv6 connection.
  • Offline files (Offline Files).
  • Portable Device Enumerator Service.
  • Print Spooler - if you don't have a printer.
  • Protected Storage.
  • Remote Registry - This service can be completely disabled.
  • Secondary logon.
  • Security Center.
  • Server (Server) - if the computer is not used as a server.
  • NetBIOS Helper over TCP/IP (TCP/IP NetBIOS Helper).
  • Windows Error Reporting Service.
  • Windows Search - if you do not use the Windows search function.

Windows Vista

  • Computer Browser - if the computer is not connected to any network.
  • Desktop Window Manager Session Manager - if you are not using the Aero theme.
  • Diagnostic Policy Service.
  • Distributed Link Tracking Client - if the computer is not connected to any network.
  • Offline files (Offline Files).
  • Portable Device Enumerator Service.
  • Print Spooler - if you don't have a printer.
  • Ready Boost.
  • Remote Registry - This service can be completely disabled.
  • Secondary logon.
  • Security Center.
  • Server (Server) - if the computer is not used as a server.
  • Tablet PC Input Service.
  • NetBIOS Helper over TCP/IP (TCP/IP NetBIOS Helper).
  • Themes - if you are using a classic Windows theme.
  • Windows Error Reporting Service.
  • Windows Media Center Service Launcher.
  • Windows Search - if you do not use the Windows search function.

Windows XP

  • Alerter.
  • Computer Browser - if the computer is not connected to any network.
  • Distributed Link Tracking Client - if the computer is not connected to any network.
  • Indexing Service - if you don't use Windows Search.
  • Internet Firewall (ICF) / Internet Connection Sharing (ICS) (Internet Connection Firewall / Internet Connection Sharing).
  • Message service (Messenger).
  • Remote Registry - This service can be completely disabled.
  • Secondary logon.
  • Server (Server) - if the computer is not used as a server.
  • System Restore Service.
  • NetBIOS Helper over TCP/IP (TCP/IP NetBIOS Helper).
  • Uninterruptible Power Supply.
  • Upload Manager.
  • Wireless Zero Configuration.

In some cases, when you start some application that works directly using a network connection, an error is generated stating that the Windows 10 Diagnostic Policy Service is not running. This error is related to the network connection settings and it implies that you do not have enough rights to make changes to these settings. At the same time, many people mistakenly believe that they are logging in as administrators, but this is not so, since some applications still have to be run as administrator. You can fix the error using other applications that need to be run as administrator.

Using the Registry Editor

Open the Registry Editor, and to do this, press two keys on the keyboard at the same time WIN+R. Then enter the command in the window that opens regedit and click OK.

Change the Diag permission in the Registry Editor

In the registry editor that opens, expand the branch HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\VSS\Diag. Then you need to hover over the last Diag item and press the right mouse button. A context menu will open in which you need to select the item Permissions.

If the diagnostic policy service is not running Windows 10, then you need to allow full access to the Network Service

A window will open in which you find and click on the item Network Service, and check the box below Full access and click OK. After that, restart your computer.

Using Services

Open services by pressing two keys on the keyboard at once WIN+R, enter the command in the window that opens services.msc and click OK.


IPSec Security Agent Service

In the window that opens, under the name Services, find the item IPSec security agent and open its properties.

Stop the IPSec Security Agent service

In the window that opens, set the startup type Manually and click OK. Then in the window called Services find the item Diagnostic Service Host and also in its properties set the manual launch type. Then close the Services window and restart your computer.

Using the command line

Open the command line, and for this you need to press two keys on the keyboard at once WIN+R and enter the command in the window that opens cmd and click OK.


Command Prompt Fixes Diagnostic Policy Service Not Started Error

In the command prompt window that opens, enter the command pconfig / release ipconfig / renew ipconfig / flushdns netsh int ip reset c:\log1.txt netsh winsock reset c:\log2.txt shutdown -r -t 0 (terminal restart) and press Enter. After that, restart your computer. You can also try typing the command net localgroup administrators /add networkservice net localgroup administrators /add localservice exit and press Enter. After this command, you will also need to restart your computer.

Liked the article? Share with friends:
You may also be interested