Tokenmon monitors NT and Windows 2000 logon/logoff and security privilege token creation/deletion

Mark Russinovich of SysInternals has made available Tokenmon which is an
application that monitors and displays a variety of security-related activity
taking place on a system. Tokenmon gets its name from the fact that Windows
NT/2000 stores a process’ security information, including the user account
context in which the process executes, in an object called a token. Tokenmon
monitors includes the following:


  • User logon/logoff
  • Applications enabling or disabling security privileges in their process
    tokens
  • Process startup and exit (token creation/deletion)
  • Impersonation
Tokenmon has advanced filtering and search
capabilities that make it a powerful tool for exploring the way NT works, seeing
how applications use security functions, or tracking down problems in system or
application configurations. Tokenmon works on NT 4.0 and Windows 2000

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top