A Windows XP help forum. PCbanter


Logging Windows Activity



 
 
December 10th 09, 10:06 PM, posted to microsoft.public.windowsxp.security_admin
JuliusPIV

Hi All
Thanks for taking a moment to read this. Before I dive into my question, a
little environment information: We're a Windows XP Pro environment (with a
few Win 7 clients) naturally running AD authenticating to Win 2003 DCs.

I'm looking for some way of logging exactly what the system is doing from
the time Windows starts to load all, to the time a user reaches their
desktop. This includes booting up until the GUI starts the load or is
loaded, the login screen & would continue until the desktop is fully loaded &
has processed Startup Programs, Run/RunOnce registry entries etc. I'm looking
for an in-depth, detailed tool, something along the lines of BootLog XP,
which lists the drivers, EXEs & associated DLLs, complete with time stamps
and timing information. (Standard Windows Boot logging wasn't enough.)

Unfortunately, what BootLogXP doesn't capture is what the machine is doing
right as the GUI loads (the moment you see the background/wallpaper), what
it's doing until the login screen appears (applying computer settings,
preparing network connections etc.), and what it processes during and after a
user logs on.

I've enabled verbose status messages, which work fine, but I need to be able
to log those messages to a file and capture things like:
- What GPO policies is it checking & where it's pulling this information from.
- Which GPO policies is it applying and how long it takes for it to process
  the policies.
- Which DCs is it attempting to communicate with and timing communication
  between the machine & said DC.

Is this possible?

If you're asking yourself 'what problem is he trying to solve?' it's hard to
say because this isn't necessarily in response to a specific problem. I
suspect there are DC or DNS issues because of some information found in logs
and the way machines behave from time to time. (e.g.: a machine in
Washington D.C. used a DC in Silicon Valley; a London DC might get updated
with DNS info for a machine in Denver before the local DC.)

Also, for my own sanity, I'm looking to track what processes start & stop,
how long the machine stalls before moving on to the next directive etc. If I
can log registry queries as well, that would be great. (Sounds like a job
for procmon, but how can I ensure it's the first possible exe to run?)

If you've read this far, thank you kindly for taking a moment to read.
--
Julius G. Perkins, IV
Enterprise Systems
Workstation Architect
All times are GMT +1.