Use RegMon to Monitor Your Registry Activity

RegMon is a superb real-time Registry monitoring tool that lists which applications are accessing the Windows Registry, which keys they are touching, and what data is being read from or written to those keys.
Why is this important? Well, for starters, if you suspect malware is residing on your computer, this is one way to view what is occurring at a granular level.
For those working in an enterprise environment, it comes in handy when trying to discover which specific registry keys are written to during a given action. For example, I created a batch file to turn off Outlook auto-archiving for all staff, since we had disabled the ability to create Personal Folders. Since I could not locate any documentation, I ran RegMon while I enabled and disabled auto-archiving in Outlook. This allowed me to find the specific key and value needed to disable the feature for all users. From there I exported the registry values and ran a batch file when each user logged on to make sure the values were imported into each user's profile; this particular setting lives under HKEY_CURRENT_USER (HKCU), not HKEY_LOCAL_MACHINE (HKLM), so it has to be applied per user rather than once per machine.

Another way to use RegMon is to discover which registry keys a software application actually needs access to when its vendor claims it requires local administrative privileges. This is a real annoyance to me: software vendors who state their software will only work with local admin privileges. Either this is due to support staff who have no idea what they are talking about, or weak-kneed software vendors too lazy to design the application properly. By using RegMon and its twin FileMon, you can determine which specific keys and files require write permissions, allowing you to grant users permissions at a granular level instead of making them local administrators.
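The two procedures above (importing a setting into each user's HKCU hive at logon, and granting write access to a single key instead of local admin) as an added PowerShell example; this is not code from the original post, and every path, key name, marker value and group in it is a hypothetical placeholder to be replaced with what RegMon actually shows.

```powershell
# Added example, not from the original post. Turns RegMon findings into two
# least-privilege changes. All paths, key names and groups are placeholders.

# Part 1 (logon script, runs as the user): import an exported .reg file into
# the current user's HKCU hive once per profile, tracked by a marker value.
function Import-UserRegSetting {
    param(
        [string]$RegFile,                                          # .reg exported from regedit
        [string]$MarkerKey  = 'HKCU:\Software\ExampleCorp\LogonScript',  # hypothetical
        [string]$MarkerName = 'AutoArchiveDisabled'                 # hypothetical
    )
    $done = Get-ItemProperty -Path $MarkerKey -Name $MarkerName -ErrorAction SilentlyContinue
    if ($done) { return 'already-applied' }
    # reg.exe import writes HKEY_CURRENT_USER entries into the logged-on user's hive
    & reg.exe import $RegFile | Out-Null
    if ($LASTEXITCODE -ne 0) { return 'import-failed' }
    New-Item -Path $MarkerKey -Force | Out-Null
    New-ItemProperty -Path $MarkerKey -Name $MarkerName -Value 1 -PropertyType DWord -Force | Out-Null
    return 'applied'
}

# Part 2 (run once, as an administrator): rather than granting local admin,
# give Users write access only to the one HKLM key RegMon showed being written.
function Grant-RegKeyWriteAccess {
    param(
        [string]$KeyPath  = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp',  # hypothetical
        [string]$Identity = 'BUILTIN\Users'
    )
    $acl    = Get-Acl -Path $KeyPath
    # Read plus SetValue/CreateSubKey is usually all a misbehaving app needs;
    # FullControl would let users change permissions on the key itself.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue, CreateSubKey'
    $rule   = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}

# Usage (hypothetical paths):
# Import-UserRegSetting -RegFile '\\fileserver\netlogon\disable-autoarchive.reg'
# Grant-RegKeyWriteAccess -KeyPath 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'
```

Re-run RegMon after granting the narrower rights; if the application still logs ACCESS DENIED on a key you did not open up, that key is the next candidate, not a reason to fall back to local admin.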

To see how RegMon works, watch the VIDEO.
