Using Process Monitor to track registry changes
Solution 1
In the directory where procmon.exe resides, there should also be a file called procmon.chm (if you extracted them to the same place). Right click on procmon.chm and properties. Then click "Unblock".
You are experiencing the issue described here.
Edit:
Now to address the actual question.
Open up process monitor.
The filters will probably show up. Press reset to reset the filters and click OK. Otherwise you can open them with ctrl-L and press reset.
There is an icon on the top toolbar that looks like cross hairs with circles (8th from the left). Drag that to the (config) window who's activity you want to watch (if you want to filter on that process). You might otherwise clutter up your readings with activities from other processes.
Clear the activity log (ctrl-x).
Now make your config changes and watch the registry keys fly by.
Solution 2
CHM files (compiled html) are "blocked" by default as a security measure in Windows 7. Find the help file that belongs to Process Monitor, view it's properties, and click the unblock button.
As for Process Monitor itself, it collects a lot of data, so you'll want to try and filter what you're looking for. You can do this a couple of ways. You can just capture all of the data to a capture file, then open it to filter the data viewed - this still preserves all of your data. You can also configure your filters to capture only the data you want to see, and save that - less resource hungry, but you lose data that you may want to see later.
If you only downloaded Process Monitor, I suggest taking a look at the rest of tools available in the Sysinternals Suite. They're great for troubleshooting and better understanding how Windows works.
Related videos on Youtube
10 : 53
03 : 33
02 : 16
25 : 59
07 : 16
CChriss
Updated on September 18, 2022Comments
-
CChriss almost 2 years
It seems many people like using Process Monitor to see what changes are being made to the registry during a process. So I downloaded it.
I want to see what changes are made in the registry by some config changes I'm making on my computer so I can write them into a vbs script to do them easily. Can someone tell me how to drive Process Monitor to capture the info? In the Help I don't see how to do it.
I'm using Windows 7 home Premium 64 bit.
-
Admin almost 13 yearsWhat OS? Also, it does not run in a browser. -
Admin almost 13 yearsYup that makes all the difference. My answer does not apply anymore. [delete]
-
Admin almost 13 yearsI added a new answer for ya. I misunderstood the question at first. Hopefully it's helpful now.
-
Admin almost 13 yearsDid you run it from within the downloaded ZIP file, or did you extract all the files to a directory, and then run it?
-
-
CChriss almost 13 years+1. Now that I actually can look into the Help I didn't see any instructions on how to do what I need Proc Mon for.
-
Neetu almost 13 years@CChriss Oh Right... forgot there was more to the question. I updated my answer again. -
CChriss almost 13 yearsWorks great. Thank you again for all your help.
-
Sopalajo de Arrierez almost 9 years@JamesT, I get too many captured registry-related info when using this method withgpedit.msc. As this will probably be a different problem, I have opened another thread: superuser.com/questions/946123/…