Tool of the Day: Sysinternals ProcMon

Funny how you might not EVER use a given tool, and some days you might end up using it twice. Sysinternals Procmon was that tool today.

It is the successor to two older Sysinternals utilities, Filemon and Regmon.

What does it do? It monitors all processes and services and watches what they are doing on your system: file and registry activity, opens and closes, reads and writes, which user, the result status, and so on. You can filter, pause, and find out pretty much anything going on in Windows.

So early in the day, I ran into a website issue: a site not loading in IIS. No idea what is going on. Fire up Procmon and filter to the website directory on disk. Lo and behold, the site is trying to impersonate a user, and that user doesn’t have permissions. The site still didn’t work, and if I had dug a bit more with Procmon, I would have found that the user being impersonated on the site also needed rights to the ASP.NET Temporary files, but after seeing the impersonation and the site still not working, I guessed it didn’t have rights to the temp folder.

I have seen people waste a support call with Microsoft on things like the scenario above.

Second thing today: trying to install an extension to SSRS. The installer isn’t even seeing that SSRS is installed, yet it clearly is and functioning correctly on the box. Somehow the installer must be reading something or looking somewhere and not finding something. Procmon to the rescue. Fire it up, watch msiexec.exe. Seeing registry reads, it finds the SSRS instance names, then looks to a registry area with that instance name and tries to find more details. It was failing to find the details because there were no reg keys in the second location (for whatever reason). But there was info in the first location, the same info it was looking for. I exported it out, changed the reg path of the keys, and imported. Re-ran setup and it found the instance this time and I could install the extension.

Without Procmon I would have been flying blind or just guessing randomly at what to do. It could have been hours on tech support with a company, or again, a support call with Microsoft.

Procmon saved the day. Check it out and try to use it where applicable in your day-to-day troubleshooting.
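Both cases above came down to spotting failed results (a denied file open under an impersonated account, a registry key that was not found) in a sea of successful events. The following is an added example, not part of the original post: a small Python triage over a trace saved from Procmon as CSV. It assumes the default export columns and that impersonated opens carry an "Impersonating:" entry in the Detail column; the sample rows, paths and account name are constructed.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample shaped like a Procmon CSV export with the default columns.
# Process names, paths and the account are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:14:02.1000000 AM","w3wp.exe","4120","CreateFile","C:\inetpub\example-site\web.config","ACCESS DENIED","Desired Access: Generic Read, Impersonating: EXAMPLE\svc-web"
"9:14:02.2000000 AM","w3wp.exe","4120","CreateFile","C:\inetpub\example-site\web.config","ACCESS DENIED","Desired Access: Generic Read, Impersonating: EXAMPLE\svc-web"
"9:14:02.3000000 AM","w3wp.exe","4120","ReadFile","C:\inetpub\example-site\default.aspx","SUCCESS","Offset: 0, Length: 512"
"2:30:11.1000000 PM","msiexec.exe","7788","RegOpenKey","HKLM\SOFTWARE\ExampleVendor\Instances","SUCCESS","Desired Access: Read"
"2:30:11.2000000 PM","msiexec.exe","7788","RegOpenKey","HKLM\SOFTWARE\ExampleVendor\INSTANCE1\Setup","NAME NOT FOUND","Desired Access: Read"
'''

# Results that usually explain "it just doesn't work" symptoms.
FAILURES = {"ACCESS DENIED", "NAME NOT FOUND", "PATH NOT FOUND"}


def _rows(csv_text):
    # Drop a UTF-8 BOM if the export starts with one.
    return csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))


def failed_operations(csv_text, process=None, path_contains=None):
    """Count failing events per (process, operation, path, result)."""
    hits = Counter()
    for row in _rows(csv_text):
        if row["Result"] not in FAILURES:
            continue
        if process and row["Process Name"].lower() != process.lower():
            continue
        if path_contains and path_contains.lower() not in row["Path"].lower():
            continue
        hits[(row["Process Name"], row["Operation"], row["Path"], row["Result"])] += 1
    return hits


def impersonated_accounts(csv_text):
    """Accounts named in the Detail column of ACCESS DENIED events."""
    found = set()
    for row in _rows(csv_text):
        m = re.search(r"Impersonating: ([^,]+)", row["Detail"])
        if row["Result"] == "ACCESS DENIED" and m:
            found.add(m.group(1).strip())
    return found


if __name__ == "__main__":
    for key, count in failed_operations(SAMPLE_CSV).most_common():
        print(count, *key)
    print("impersonating:", impersonated_accounts(SAMPLE_CSV))
```

To run it on a real trace, read the saved CSV file into a string and pass that in place of `SAMPLE_CSV`.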