Process Monitor shows you all activity relating to files and registry keys. So, you can watch every process running and see what files and registry keys it's creating/modifying/reading/etc.
This comes in handy when you have an application that thinks it needs admin rights to run. Often, this is caused by the application writing to some file/reg location that standard users don't have write access to. So, using procmon, you can run the application as a standard user, and look in the procmon log for access denieds. That lets you know what the app needs access to. You can then give users full control to that location.

This is definitely more an art than a science, but with practice, it's not too bad. In the vast majority of cases, the problem location has been Program Files\AppName or HKLM\Software\AppName. Giving users full control of those two folders/keys usually "fixes" it.

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, January 07, 2010 8:41 AM
To: NT System Admin Issues
Subject: Process Monitor

I read the procmon would show me the access rights to a file so I could lock a server/computer down to the minimum required perms. I have it downloaded and running but I don't see anything about perms???
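
The log review described in the reply, as an added example that is not part of the original thread: a PowerShell function that summarizes the ACCESS DENIED results for one process from a Procmon CSV export, grouped by path, operation and requested access. The sample rows, AppName.exe and the function name Get-DeniedAccess are constructed for illustration; the column names are assumed to be those of a default Procmon CSV export.

```powershell
# Constructed sample rows in the column layout of a Procmon CSV export.
# AppName.exe and the paths are placeholders, not values from a real capture.
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:41:02.1","AppName.exe","4120","CreateFile","C:\Program Files\AppName\settings.ini","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf"
"8:41:02.2","AppName.exe","4120","RegCreateKey","HKLM\Software\AppName","ACCESS DENIED","Desired Access: All Access"
"8:41:02.3","AppName.exe","4120","RegOpenKey","HKLM\Software\AppName","SUCCESS","Desired Access: Read"
"8:41:02.4","AppName.exe","4120","CreateFile","C:\Program Files\AppName\settings.ini","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf"
"8:41:02.5","explorer.exe","1888","CreateFile","C:\Windows\Temp\x.tmp","ACCESS DENIED","Desired Access: Generic Read"
'@

function Get-DeniedAccess {
    param(
        [Parameter(Mandatory)] [object[]] $Events,      # rows from Import-Csv / ConvertFrom-Csv
        [Parameter(Mandatory)] [string]   $ProcessName  # image name as shown in the Process Name column
    )
    $Events |
        Where-Object { $_.'Process Name' -eq $ProcessName -and $_.Result -eq 'ACCESS DENIED' } |
        ForEach-Object {
            # The Detail column carries the rights the process asked for.
            $access = if ($_.Detail -match 'Desired Access:\s*(.+?)(?:, Disposition:|$)') { $Matches[1] } else { 'unknown' }
            [pscustomobject]@{ Path = $_.Path; Operation = $_.Operation; DesiredAccess = $access }
        } |
        Group-Object Path, Operation, DesiredAccess |
        ForEach-Object {
            # One summary row per distinct path/operation/access combination.
            [pscustomobject]@{
                Count         = $_.Count
                Path          = $_.Group[0].Path
                Operation     = $_.Group[0].Operation
                DesiredAccess = $_.Group[0].DesiredAccess
            }
        } |
        Sort-Object Count -Descending
}

# For a real capture, load the export instead: $rows = Import-Csv .\Logfile.CSV
$rows = $sample | ConvertFrom-Csv
Get-DeniedAccess -Events $rows -ProcessName 'AppName.exe' | Format-Table -AutoSize
```

The DesiredAccess column shows which rights the application actually requested on each denied path, which is the information needed when deciding what to grant on that location.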