Monitor "WHO" altered registry key

I need to monitor a specific registry key in HKCU for changes. Most importantly I need to know when it changed, who changed it (the process) and what it changed to.

I know this can be done via ProcMon, however the complications of the situation mean I can't go installing new external software onto a machine I need to monitor. Also the command line use of this program isn't suitable for my needs.

I can however implement a VBS or small C# / VB application, so long as it runs silently.

Is there a simple way to monitor a key and, if it changes, record the change? Again, the most important thing here is which process changed it.

Any thoughts on how this can be done appreciated.

Damo

Posted 2012-08-20T14:56:37.313

Reputation: 255

If you can't install software why can you run a VB script? – Ramhound – 2012-08-20T15:18:08.347

It's a customers network and customers build of machines. It'll be easier to persuade them to run something lightweight. – Damo – 2012-08-20T15:24:04.050

Why is the Process Monitor command-line insufficient? And what's wrong with Process Monitor (which is portable, http://live.sysinternals.com/procmon.exe) that makes it worse than your own script or executable?

– Tamara Wijsman – 2012-08-20T16:03:36.467

@TomWijsman because the environment it must work in will not allow pop-ups or questions to the user. This cannot happen. Even with /quiet /minimized etc... set, ProcMon still asks questions on load following a reboot. – Damo – 2012-08-22T15:42:21.793

Answers

You can use MS Windows built in auditing to monitor changes via the Security event logs.

Enable "Audit Object Access" via either the group or local security policy. Security Settings/Local Policy/Audit Policy/Audit object access (Success, Failure).

Open the Registry and adjust the Permissions on HKCU (or the specific subkey). Permissions/Advanced/Auditing. Add the Everyone user and select the Access types you want to monitor.

All registry add, remove, edit, etc. operations will be logged in the Security event log. Filter as needed.

p0rkjello

Posted 2012-08-20T14:56:37.313

Reputation: 555
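The three steps in the answer above can be scripted so they run silently and can be handed to the customer as one file. The following is an added example, not code from the question or the answer: it assumes a placeholder key `HKCU:\Software\ExampleApp`, an elevated session (needed for `auditpol` and for reading the Security log), and that it runs in the profile of the user whose HKCU hive is being watched.

```powershell
# Added example (not from the original answer). Assumed placeholder key
# and the name fragment used to pick its events out of the Security log.
$KeyPath  = 'HKCU:\Software\ExampleApp'
$KeyMatch = 'ExampleApp'

# 1. Turn on Object Access auditing for the Registry subcategory
#    (auditpol is built into Windows; this is the subcategory that the
#    legacy "Audit object access" policy in secpol.msc switches on).
auditpol /set /subcategory:"Registry" /success:enable /failure:enable

# 2. Add a SACL entry on the key so write-type access by Everyone is
#    audited. This is what regedit's Permissions > Advanced > Auditing
#    dialog writes; -Audit makes Get-Acl fetch the SACL as well as the DACL.
$acl  = Get-Acl -Path $KeyPath -Audit
$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
    'Everyone',
    [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# 3. Read the resulting events back. 4657 = "A registry value was modified"
#    (carries old and new value); 4663 = "An attempt was made to access an
#    object" (creates/deletes). Both carry SubjectUserName and ProcessName,
#    which is the "who" the question asks for.
function Get-RegistryAuditEvents {
    param([string]$Match, [int]$Max = 200)

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657, 4663 } -MaxEvents $Max |
        Where-Object { $_.Message -like "*$Match*" } |
        ForEach-Object {
            # Pull the named EventData fields out of the event XML.
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Id      = $_.Id
                User    = $d['SubjectUserName']
                Process = $d['ProcessName']      # full path of the writing process
                Object  = $d['ObjectName']       # \REGISTRY\USER\<SID>\Software\...
                Value   = $d['ObjectValueName']  # 4657 only
                OldVal  = $d['OldValue']         # 4657 only
                NewVal  = $d['NewValue']         # 4657 only
            }
        }
}

Get-RegistryAuditEvents -Match $KeyMatch | Format-Table -AutoSize
```

Two practical points: the `ObjectName` field in the Security log names the key as `\REGISTRY\USER\<SID>\...` rather than `HKCU\...`, so filter on the tail of the path as the function does; and because `SetValue` is the right being audited, a 4657 event is raised only when a value is actually written, so a process that merely opens the key does not add noise. Step 3 can be scheduled or left polling by `TimeCreated` to build the change record the question asks for.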