![]() (A) Am I correct that the "Effective Permissions" takes into account any problem with higher level entries? (Actually (7) was unnecessary as System had "Full Control".) ![]() Set the "Apply to" to "This key and subkeys" and tick the "Full Control/Allow" box. (7) Some options were missing, so click on "Permissions", then "Edit". (6) Key in "Administrators" and hit Enter. (2) Right click on it and select "Permissions." (1) Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\se rvices. Unfortunately, it's common to see error messages (certainly in ProcMon) even when everything is fine! Problem is now sorted! I've never had an issue with Registry Key permissions before so I'd appreciate your comments on what I did. I'll try it out and get back to you shortly. use Rohitab API monitor to monitor procmon startup I ran the icacls command anyway, but it made no difference. I know that ProcMon is successfully creating and deleting files in the folder. Is it possible your system32\drivers folder permissions are not correct? I hadn't as I knew that both ProcMon process were terminating when I closed the GUI. Have you checked if procmon is set to autostart somehow - you can use. ![]() On the other hand, killing the one started by Explorer leaves the other process (and the GUI) running. If I kill the one started by ProcMon this terminates both processes. One is started by Explorer, the other by the "first" ProcMon. Can you use to determine what process are starting each instance? For as long as its running, the two processes are there, When I close ProcMon the two processes disappear. No, there's no instance until I start ProcMon. CSI-Windows_com, Do you only have two instances when you attempt to start it, or is there one instance always hanging around?
0 Comments
Leave a Reply. |