September 11th, 2002, 02:13 PM
Filemon and Regmon Utilities
This will be my first tutorial, so bear with me while I try to get this out in an acceptable fashion. Some time ago, two tools were revealed to me that would make my job much easier. These two freeware tools are called filemon and regmon. They can be found at Sysinternals’ website here. As a Technician, I worked in an almost pure Windows 2000 environment, where the end-user workstations were locked down and permissions to the local machines are kept tight. Very few of them have Administrative rights to their local boxes. However, even with the runas command, software installations can prove difficult with such restrictions in place.
Some programs need to be able to write temp files to different locations on the machine in order to function properly. This would, naturally, be done using the logged in user’s credentials. If they do not have sufficient permissions on the PC, the program may not work as expected. The same goes for the registry. Some programs also require a certain level of access to the registry. However, the Engineering Team would, of course, want to maintain the restrictions as closely as possible. Enter filemon and regmon. These tools allow you to capture all disk access and registry activity as it occurs on the local machine. You will first need to download the tools from the Sysinternals website, of course. Since the operation of both is the same, I will only mention filemon as an example.
Once downloaded and unzipped, the tools are ready to use. I would recommend putting the unzipped files together in a folder. There is no installation process. Double-click on the filemon.exe file and you will be presented with an intuitive GUI. Right away, you will see that the application will be capturing activity by default. To stop this, you can click on the capture button to stop it. To prepare for a fresh capture, click on the clear button at the top or press ctrl + x. Next, you can start the capture with the same button you used to stop it, then run the program you are having trouble with. After you have finished completing whatever action with the program in question, you can stop the capture and review what has been logged. Use the search/find feature (ctrl + f) to locate specific messages. In my case, I would have been looking for “access denied.” Using these results, you can quickly find out where there may be insufficient access when running the application. If desired, you could grant permissions to only the necessary directories so that the program will run properly, all the while maintaining the Engineering policy of not granting the user full Administrative rights to the computer.
These programs have worked wonders for me, and I hope that they prove to be useful to you also. I have not described the complete functionality of the programs; however, they both come with detailed help files. Enjoy!
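Added example, not part of the original post and not Sysinternals code: a small Python script that does the "access denied" review described above over a saved capture, grouping denied requests by directory for one program so that permissions can be granted only where needed. The tab-separated column layout, the process name acctapp.exe and the sample lines are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample lines, not real tool output. Assumed layout of a saved
# capture: tab-separated sequence, time, process, request, path, result.
SAMPLE_LOG = "\n".join([
    "1\t14:02:11\tacctapp.exe:1204\tOPEN\tC:\\Program Files\\AcctApp\\acctapp.ini\tSUCCESS",
    "2\t14:02:11\tacctapp.exe:1204\tCREATE\tC:\\Program Files\\AcctApp\\temp\\~a1.tmp\tACCESS DENIED",
    "3\t14:02:12\tacctapp.exe:1204\tWRITE\tC:\\Program Files\\AcctApp\\temp\\~a2.tmp\tACCESS DENIED",
    "4\t14:02:12\texplorer.exe:880\tOPEN\tC:\\WINNT\\Temp\\x.dat\tACCESS DENIED",
    "5\t14:02:13\tacctapp.exe:1204\tCREATE\tC:\\WINNT\\acctapp.log\tACCESS DENIED",
])


def denied_targets(log_text, process_name):
    """Map each directory to the set of requests that were denied for one process."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # header, blank or truncated line
        process, request, path, result = fields[2:6]
        if "DENIED" not in result.upper():
            continue
        # Process column is assumed to look like "name.exe:pid"
        if process.split(":")[0].lower() != process_name.lower():
            continue
        # ntpath parses Windows paths regardless of the OS running this script
        hits[ntpath.dirname(path)].add(request.strip().upper())
    return dict(hits)


def report(log_text, process_name):
    """One line per directory, sorted, listing the denied request types."""
    found = denied_targets(log_text, process_name)
    return [f"{d}: {', '.join(sorted(reqs))}" for d, reqs in sorted(found.items())]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, "acctapp.exe"):
        print(line)
```

When a denial lands in a shared location such as the Windows folder, grant access on the single file rather than on the whole directory.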
September 11th, 2002, 04:09 PM
Re: Filemon and Regmon Utilities
Thx for the link.
I will download a few to try.
I'm gone, thx everyone for so much fun and good info.
cheers and good bye
September 11th, 2002, 04:49 PM
Great site, thanx for the link.