Logging Windows Activity
Hi All,

Thanks for taking a moment to read this. Before I dive into my question, a little environment information: we're a Windows XP Pro environment (with a few Win 7 clients), naturally running AD, authenticating to Win 2003 DCs.

I'm looking for some way of logging exactly what the system is doing from the time Windows starts to load at all to the time a user reaches their desktop. This includes booting up until the GUI starts to load or is loaded, the login screen, and would continue until the desktop is fully loaded and has processed Startup Programs, Run/RunOnce registry entries, etc. I'm looking for an in-depth, detailed tool, something along the lines of BootLog XP, which lists the drivers, EXEs and associated DLLs, complete with time stamps and timing information. (Standard Windows boot logging wasn't enough.)

Unfortunately, what BootLogXP doesn't capture is what the machine is doing right as the GUI loads (the moment you see the background/wallpaper), what it's doing until the login screen appears (applying computer settings, preparing network connections, etc.), and what it processes during and after a user logs on. I've enabled verbose status messages, which work fine, but I need to be able to log those messages to a file and capture things like:

- What GPO policies is it checking, and where is it pulling this information from?
- Which GPO policies is it applying, and how long does it take to process the policies?
- Which DCs is it attempting to communicate with, and what is the timing of communication between the machine and said DC?

Is this possible?

If you're asking yourself "what problem is he trying to solve?", it's hard to say, because this isn't necessarily in response to a specific problem. I suspect there are DC or DNS issues because of some information found in logs and the way machines behave from time to time (e.g. a machine in Washington D.C. used a DC in Silicon Valley; a London DC might get updated with DNS info for a machine in Denver before the local DC).

Also, for my own sanity, I'm looking to track what processes start and stop, how long the machine stalls before moving on to the next directive, etc. If I can log registry queries as well, that would be great. (Sounds like a job for Procmon, but how can I ensure it's the first possible EXE to run?)

If you've read this far, thank you kindly for taking a moment to read.

-- Julius G. Perkins, IV
Enterprise Systems Workstation Architect
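For the Win 7 clients in the environment described above, the Group Policy service writes the items the post asks about (which DC was discovered and how long discovery took, when computer and user policy processing started and finished, which GPOs were applied or filtered out) to the Microsoft-Windows-GroupPolicy/Operational event log. The script below is an added example, not code from the original post or its author: it reassembles each processing pass from that log by its ActivityId and reports the timings. The script name, the `-ComputerName`/`-Last` parameters and the message-text regexes (which assume English event text) are the example's own choices; the event IDs and the log channel are Windows' own. This channel does not exist on Windows XP, so the XP clients are out of scope for this script.

```powershell
<#
  Added example (not from the original forum post).
  Summarise Group Policy processing sessions from the
  Microsoft-Windows-GroupPolicy/Operational log on a Vista/Win7-or-later client.

  Event IDs used:
    4000 / 4001  computer / user policy processing started
    8000 / 8001  computer / user policy processing completed successfully
    7000 / 7001  computer / user policy processing failed
    5308         domain controller discovered (name and IP in the message)
    5326         time taken to discover the domain controller (milliseconds)
    5312 / 5313  list of applied GPOs / list of GPOs filtered out

  Assumptions: PowerShell 2.0 or later, remote event log access to the target
  (Eventlog-RemoteAdmin firewall rule), English event message text.
#>
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # assumed parameter name
    [int]$Last = 5                               # most recent sessions to report
)

$logName = 'Microsoft-Windows-GroupPolicy/Operational'
$wanted  = @(4000, 4001, 5308, 5312, 5313, 5326, 7000, 7001, 8000, 8001)

$events = Get-WinEvent -ComputerName $ComputerName `
            -FilterHashtable @{ LogName = $logName; Id = $wanted } -ErrorAction Stop

# Every event of one boot/logon policy pass carries the same ActivityId, so
# grouping on it reassembles each pass; newest passes first.
$sessions = $events |
    Where-Object { $_.ActivityId } |
    Group-Object -Property ActivityId |
    Sort-Object { ($_.Group | Measure-Object -Property TimeCreated -Minimum).Minimum } -Descending |
    Select-Object -First $Last

foreach ($session in $sessions) {
    $g     = $session.Group | Sort-Object TimeCreated
    $start = $g | Where-Object { @(4000, 4001) -contains $_.Id } | Select-Object -First 1
    $end   = $g | Where-Object { @(7000, 7001, 8000, 8001) -contains $_.Id } | Select-Object -Last 1
    $dc    = $g | Where-Object { $_.Id -eq 5308 } | Select-Object -First 1
    $dcMs  = $g | Where-Object { $_.Id -eq 5326 } | Select-Object -First 1

    # Scope: computer (boot) vs. user (logon) processing
    $scope = 'Unknown'
    if ($start) { if ($start.Id -eq 4000) { $scope = 'Computer' } else { $scope = 'User' } }

    # Outcome: success, failure, or no end event found in the log
    $outcome = 'Incomplete'
    if ($end) { if (@(7000, 7001) -contains $end.Id) { $outcome = 'Failed' } else { $outcome = 'Success' } }

    # Wall-clock duration of the pass, from the start event to the end event
    $seconds = $null
    if ($start -and $end) { $seconds = [math]::Round(($end.TimeCreated - $start.TimeCreated).TotalSeconds, 1) }

    # DC name from the 5308 message; fall back to the raw message if the regex misses
    $dcName = $null
    if ($dc) {
        if ($dc.Message -match 'DCName:\s*(\S+)') { $dcName = $Matches[1] } else { $dcName = $dc.Message }
    }

    # DC discovery time from the 5326 message
    $discoverMs = $null
    if ($dcMs -and $dcMs.Message -match '(\d+)\s+milliseconds') { $discoverMs = [int]$Matches[1] }

    New-Object PSObject -Property @{
        Computer     = $ComputerName
        Scope        = $scope
        Started      = $(if ($start) { $start.TimeCreated } else { $null })
        Outcome      = $outcome
        Seconds      = $seconds
        DC           = $dcName
        DcDiscoverMs = $discoverMs
        AppliedGPOs  = (($g | Where-Object { $_.Id -eq 5312 } | ForEach-Object { $_.Message }) -join "`n")
        FilteredGPOs = (($g | Where-Object { $_.Id -eq 5313 } | ForEach-Object { $_.Message }) -join "`n")
    }
}
```

Saved as, say, `Get-GpProcessing.ps1` (a name chosen for this example), it would be run as `.\Get-GpProcessing.ps1 -ComputerName WS01 -Last 3 | Format-List`; a pass whose DC is in another site, or whose DcDiscoverMs is large, is exactly the kind of DC/DNS symptom the post suspects. Two related facts for the XP side of the question: Windows XP writes the same processing detail to %SystemRoot%\Debug\UserMode\userenv.log when verbose user environment logging is enabled (Microsoft KB 221833), and Process Monitor's Options > Enable Boot Logging setting installs its driver to start with the system, so that process and registry activity is captured from early in the boot rather than from when the EXE is launched.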