Sysinternals Homepage
Forum Home > Sysinternals Utilities > Regmon

User Session

jcferret (Newbie)
Joined: 30 October 2006
Location: United States
Posts: 4
Posted: 30 November 2006 at 10:14am
Good tip... Thanks :)

namrehto (Senior Member)
Joined: 23 June 2005
Location: Scotland
Posts: 3861
Posted: 30 November 2006 at 10:07am
If you make a capture with ProcMon instead, then you can subsequently play with filters non-destructively and try to drill down to the events you're looking for.
Gil

jcferret (Newbie)
Posted: 30 November 2006 at 9:56am
Aw nuts.... would come in handy on countless occasions...

EP_X0FF (Senior Member)
Joined: 08 March 2006
Location: Russian Federation
Posts: 4753
Posted: 30 November 2006 at 5:58am
Originally posted by jcferret

Is there a way to set Regmon to only capture the keys accessed by the user that is running it, instead of all keys accessed on the server?


I do not think so. You need some specialized software.
Ring0 - the source of inspiration

jcferret (Newbie)
Posted: 30 October 2006 at 10:49am

Is there a way to set Regmon to only capture the keys accessed by the user that is running it, instead of all keys accessed on the server? (Under terminal services or Citrix)

I'm trying to trace some Internet Explorer activity (Group Policy crap), which means there are tons of reg keys accessed already... without having to sort through 30+ users' worth of keys instead of just the 1 user I mean to monitor.
