Tokenmon monitors NT and Windows 2000 logon/logoff and security privilege token creation/deletion

  • Section(s): Security
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.

Mark Russinovich of Sysinternals has made available Tokenmon, an application that monitors and displays a variety of security-related activity taking place on a system. Tokenmon gets its name from the fact that Windows NT/2000 stores a process's security information, including the user account context in which the process executes, in an object called a token. Tokenmon monitors the following:

  • User logon/logoff
  • Applications enabling or disabling security privileges in their process tokens
  • Process startup and exit (token creation/deletion)
  • Impersonation

Tokenmon has advanced filtering and search capabilities that make it a powerful tool for exploring the way NT works, seeing how applications use security functions, or tracking down problems in system or application configurations. Tokenmon works on NT 4.0 and Windows 2000.
