JuliusPIV
Hi All,
Thanks for taking a moment to read this. Before I dive into my question, a
little environment information: We're a Windows XP Pro environment (with a
few Win 7 clients), naturally running AD, authenticating to Win 2003 DCs.
I'm looking for some way of logging exactly what the system is doing from
the time Windows starts to load, all the way to the time a user reaches their
desktop. This includes booting up until the GUI starts to load or is
loaded, the login screen, & would continue until the desktop is fully loaded &
has processed Startup Programs, Run/RunOnce registry entries, etc. I'm looking
for an in-depth, detailed tool, something along the lines of BootLog XP,
which lists the drivers, EXEs & associated DLLs, complete with time stamps
and timing information. (Standard Windows boot logging wasn't enough.)
Unfortunately, what BootLogXP doesn't capture is what the machine is doing
right as the GUI loads (the moment you see the background/wallpaper), what
it's doing until the login screen appears (applying computer settings,
preparing network connections, etc.), and what it processes during and after a
user logs on.
I've enabled verbose status messages, which work fine, but I need to be able
to log those messages to a file and capture things like:
What GPO policies is it checking & where is it pulling this information from?
Which GPO policies is it applying, and how long does it take to process
the policies?
Which DCs is it attempting to communicate with, and timing of communication
between the machine & said DC.
Is this possible?
If you're asking yourself 'what problem is he trying to solve?', it's hard to
say because this isn't necessarily in response to a specific problem. I
suspect there are DC or DNS issues because of some information found in logs
and the way machines behave from time to time. (e.g.: a machine in
Washington D.C. used a DC in Silicon Valley; a London DC might get updated
with DNS info for a machine in Denver before the local DC.)
Also, for my own sanity, I'm looking to track what processes start & stop,
how long the machine stalls before moving on to the next directive, etc. If I
can log registry queries as well, that would be great. (Sounds like a job
for procmon, but how can I ensure it's the first possible exe to run?)
If you've read this far, thank you kindly for taking a moment to read.
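To turn verbose Group Policy logging into the numbers the post asks for (how long each policy pass took, which DC answered, fast or slow link), here is an added example, not from the poster or any product: a Python script that reads the userenv.log that XP/2003 write to %windir%\debug\usermode when the UserEnvDebugLevel value under the Winlogon key is set, and reports per-phase timing. The sample log lines and DC names are constructed, and the exact message wording is an assumption drawn from typical userenv.log output.

```python
import re
from datetime import timedelta

# Constructed sample, not a real capture: lines in the style of the verbose
# userenv.log (message wording assumed from typical logs; DC names made up).
SAMPLE_LOG = r"""
USERENV(1c8.1cc) 10:15:22:406 ProcessGPOs: Starting computer Group Policy (Background) processing...
USERENV(1c8.1cc) 10:15:22:421 PingComputer:  Fast link.  Exiting.
USERENV(1c8.1cc) 10:15:22:500 ProcessGPOs: Domain controller is: \\DC01.corp.example.com  Domain DNS name is: corp.example.com  Domain name is CORP
USERENV(1c8.1cc) 10:15:24:000 ProcessGPOs: Computer Group Policy has been applied.
USERENV(3a0.3a4) 10:16:01:100 ProcessGPOs: Starting user Group Policy (Background) processing...
USERENV(3a0.3a4) 10:16:01:150 ProcessGPOs: Domain controller is: \\DC07.corp.example.com  Domain DNS name is: corp.example.com  Domain name is CORP
USERENV(3a0.3a4) 10:16:09:650 ProcessGPOs: User Group Policy has been applied.
"""

# Each line: USERENV(pid.tid) HH:MM:SS:mmm Function: message
LINE_RE = re.compile(r"^USERENV\((?P<thr>[0-9a-f]+\.[0-9a-f]+)\) "
                     r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d):(?P<ms>\d{3}) (?P<msg>.*)$")
DC_RE = re.compile(r"Domain controller is: \\\\(\S+)")

def _stamp(m):
    # Wall-clock time only (no date); a pass that crosses midnight is not handled.
    return timedelta(hours=int(m["h"]), minutes=int(m["m"]),
                     seconds=int(m["s"]), milliseconds=int(m["ms"]))

def gpo_timings(log_text):
    """Map 'computer'/'user' to {'start','dc','link','duration_ms'} from a userenv.log."""
    phases, active = {}, {}  # active: thread id -> phase that thread is processing
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg, t = m["msg"], _stamp(m)
        started = re.match(r"ProcessGPOs: Starting (computer|user) Group Policy", msg)
        if started:
            active[m["thr"]] = started[1]
            phases[started[1]] = {"start": t, "dc": None, "link": None, "duration_ms": None}
            continue
        phase = phases.get(active.get(m["thr"]))
        if phase is None:
            continue  # chatter from a thread that is not inside a policy pass
        dc = DC_RE.search(msg)
        if dc:
            phase["dc"] = dc[1]
        elif "Slow link" in msg or "Fast link" in msg:
            phase["link"] = "slow" if "Slow link" in msg else "fast"
        elif msg.endswith("Group Policy has been applied."):
            phase["duration_ms"] = (t - phase["start"]) // timedelta(milliseconds=1)
    return phases
```

Running `gpo_timings(open(r"C:\WINDOWS\debug\usermode\userenv.log").read())` on a real log gives the per-pass duration and the DC each pass used, which is the quickest way to spot a Washington machine being served by a Silicon Valley DC.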