procmon remote monitoring

This entry was posted in Microsoft Uncategorized Windows on by

psexec \COMPUTERNAME -u domainuser -sd -i 0 “c:Procmon.exe” /accepteula /backingfile c:output.pml /nofilter /quiet

Aanmelden met de gebruiker, en afmelden (kan wat langer duren door de logging)
Daarna procmon stoppen (om de log file te sluiten)

psexec \COMPUTERNAME -u domainuser -sd -i 0 “c:Procmon.exe” Terminate

 

Sysinternals tools benodigd:

 

psexec

procmon

Leave a comment

Your email address will not be published. Required fields are marked *