Windows – Using Process Monitor to Log Login Events

Tags: monitoring, roaming-profile, windows 7

We're having some issues with Windows 7 roaming profiles, and I was reading here that the login process can be monitored using Process Monitor.

"There are a couple of ways to configure Process Monitor to record
logon operations: one is to use Sysinternals PsExec to launch it in
the session 0 so that it survives the logoff and subsequent logon and
another is to use the boot logging feature to capture activity from
early in the boot, including the logon."

How does one do either of these options using Process Monitor to find out what is happening during a user login?

Best Answer

"There are a couple of ways to configure Process Monitor to record logon operations: one is to use Sysinternals PsExec to launch it in the session 0 so that it survives the logoff and subsequent logon and another is to use the boot logging feature to capture activity from early in the boot, including the logon."

I don't believe that either of the above is valid for Windows 7, for the following reasons:

  1. There's no session 0 in Windows 7, as far as I know.

  2. User environment debug logging (which is what it sounds like they're recommending) has been replaced/supplanted with the Group Policy event log.

So, my suggestion would be to start by looking at the Group Policy event log on one of the problem machines.
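
One way to read the Group Policy event log suggested above, as an added example that is not part of the original answer: the script pulls recent events from the `Microsoft-Windows-GroupPolicy/Operational` channel and groups them by `ActivityId`, so each policy processing pass appears with its duration and any warnings or errors. The 24-hour look-back window and the variable names are assumptions; the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: summarise recent Group Policy processing passes on this machine.
# Run from an elevated PowerShell prompt on the affected Windows 7 client.
$logName = 'Microsoft-Windows-GroupPolicy/Operational'
$since   = (Get-Date).AddHours(-24)   # assumed look-back window; adjust as needed

# Get-WinEvent raises an error when nothing matches, so suppress it and test the result.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $since } `
                       -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No events found in $logName since $since."
}
else {
    # Events written during one processing pass share an ActivityId,
    # so grouping on it reconstructs each pass from start to finish.
    $passes = $events | Where-Object { $_.ActivityId } | Group-Object ActivityId | ForEach-Object {
        $ordered  = @($_.Group | Sort-Object TimeCreated)
        # Level 1 = Critical, 2 = Error, 3 = Warning
        $problems = @($ordered | Where-Object { $_.Level -ge 1 -and $_.Level -le 3 })
        $elapsed  = $ordered[-1].TimeCreated - $ordered[0].TimeCreated

        New-Object PSObject -Property @{
            ActivityId = $_.Name
            Start      = $ordered[0].TimeCreated
            Seconds    = [math]::Round($elapsed.TotalSeconds, 1)
            Events     = $ordered.Count
            Problems   = $problems.Count
            Detail     = $problems
        }
    }

    # One line per pass: long durations and non-zero problem counts stand out.
    $passes | Sort-Object Start |
        Format-Table Start, Seconds, Events, Problems, ActivityId -AutoSize

    # Full text of the warnings and errors for every pass that had any.
    $passes | Where-Object { $_.Problems -gt 0 } | ForEach-Object {
        $_.Detail | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
    }
}
```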