r/Windows10 • u/publiusvaleri_us • Aug 14 '24
Concept / Idea Fix for deleted sru folder for Diagnostic Policy Service DPS user doesn't have access to folder and throws ESENT errors 413, 488, 1032 in Event Viewer
I finally solved this enigma. If you are dying to break your Windows install, go ahead and delete the sru folder under C:\WINDOWS\system32. Like I did!
Backgrounder: There are a lot of problems with Diagnostic Policy Service filling this sru folder up during network diagnostics as it logs all of your Windows 10 network data usage. It often uses a lot of CPU and disk resources, sometimes getting corrupted. So there are techniques out there to delete the massive log files and SRUDB.dat file, etc. You, like me, found some of those resources and broke your Windows install.
Unfortunately, if you delete the whole folder, Windows 10/11 gets really perturbed at you, throwing an error in the Application logs (Event Viewer) every 10 seconds, complaining that DPS has no permissions to create or modify log files, etc. Like this:
svchost (12100,R,98) SRUJet: An attempt to create the file "C:\Windows\system32\SRU\SRUtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
svchost (12100,R,98) SRUJet: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Here is the solution to restore Diagnostic Policy Service when you delete sru. What needs to be done is to re-create the sru folder and then fix the permissions on it. (It is not enough to have SYSTEM privileges or ownership.) You can use a convoluted process of copying permissions from a working PC like I did. But this is the command that solved it for me. (I added a line to re-make the deleted folder, in case you didn't already do so.)
md c:\windows\system32\sru
icacls c:\windows\system32\ /restore c:\down\aclforsru.txt
Before running that, you will need the ACL file stored at the path given at the end of that command. Here is an example of such a file, to be saved as aclforsru.txt and placed in the C:\down folder. (This is the format icacls /save writes: one line with the path relative to the directory you restore into, followed by one line with that object's security descriptor in SDDL.)
sru
D:PAI(A;;FA;;;BA)(A;OICIIO;FA;;;BA)(A;;FA;;;SY)(A;OICIIO;FA;;;SY)(A;;FA;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;OICIIO;FA;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)
Of course, the icacls program should be run from an elevated Command Prompt since it is working on the Access Control List and wields a lot of power. Once you run it, you should see Diagnostic Policy Service recognizing its new permissions and begin working again.
(You might need to restart DPS if you had stopped it or killed it, and make sure it is set to start Automatically.)
The secret to this is essentially the well-known SID for DPS, which is listed in that acl file. It is S-1-5-80-2970612574-78537857-698502321-558674196-1451644582. That's not something you could add from Windows Explorer's security tab.
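As an added illustration that is not part of the post, here is a Python script that parses the DACL line of the aclforsru.txt file above using the same SDDL abbreviations, checks that it is a protected DACL granting the DPS service SID full control with no broad group present, and derives a service SID from its short name with the documented SHA-1 scheme behind S-1-5-80 SIDs (cross-check a derived value against `sc showsid <name>`). The function names and the BROAD set are my own.

```python
import hashlib
import re
import struct

# The DPS service SID and DACL string from the post's aclforsru.txt (second line of the file).
DPS_SID = "S-1-5-80-2970612574-78537857-698502321-558674196-1451644582"
SRU_SDDL = ("D:PAI(A;;FA;;;BA)(A;OICIIO;FA;;;BA)(A;;FA;;;SY)(A;OICIIO;FA;;;SY)"
            "(A;;FA;;;" + DPS_SID + ")(A;OICIIO;FA;;;" + DPS_SID + ")")

# Subset of the SDDL vocabulary needed to read icacls /save output.
TRUSTEES = {"BA": "BUILTIN\\Administrators", "SY": "NT AUTHORITY\\SYSTEM",
            "BU": "BUILTIN\\Users", "WD": "Everyone", "AU": "Authenticated Users"}
RIGHTS = {"FA": "FULL", "FR": "READ", "FW": "WRITE", "FX": "EXECUTE", "GA": "GENERIC_ALL"}
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit", "IO": "inherit-only"}
BROAD = {"BUILTIN\\Users", "Everyone", "Authenticated Users"}   # groups that should never be here

def service_sid(name):
    """Derive a service's virtual-account SID (NT SERVICE\\<name>): S-1-5-80- followed by
    the SHA-1 of the upper-cased UTF-16LE service name read as five little-endian DWORDs.
    Cross-check the result for a real service with: sc showsid <name>."""
    digest = hashlib.sha1(name.upper().encode("utf-16-le")).digest()
    return "S-1-5-80-" + "-".join(str(d) for d in struct.unpack("<5I", digest))

def parse_dacl(sddl):
    """Split a 'D:<control flags>(ace)(ace)...' string into (control_flags, [ace dicts])."""
    m = re.fullmatch(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("not a DACL string: " + sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        ace_type, flags, rights, _obj, _inh_obj, trustee = body.split(";")[:6]
        aces.append({
            "type": {"A": "allow", "D": "deny"}.get(ace_type, ace_type),
            "flags": [ACE_FLAGS.get(flags[i:i + 2], flags[i:i + 2]) for i in range(0, len(flags), 2)],
            "rights": RIGHTS.get(rights, rights),   # hex masks such as 0x1200a9 are kept verbatim
            "trustee": TRUSTEES.get(trustee, trustee),
        })
    return m.group(1), aces

def check_sru_dacl(sddl, svc_sid):
    """Defender check on a candidate sru DACL: 'P' = protected (nothing inherited from
    system32), the service SID must be allowed FULL, and no broad group should appear."""
    control, aces = parse_dacl(sddl)
    svc_full = any(a["type"] == "allow" and a["rights"] == "FULL" and a["trustee"] == svc_sid
                   for a in aces)
    broad = sum(1 for a in aces if a["trustee"] in BROAD)
    return {"protected": "P" in control, "service_full_control": svc_full, "broad_aces": broad}
```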