Tokenmon monitors NT and Windows 2000 logon/logoff and security privilege token creation/deletion

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Mark Russinovich of SysInternals has made available Tokenmon which is an application that monitors and displays a variety of security-related activity taking place on a system. Tokenmon gets its name from the fact that Windows NT/2000 stores a process' security information, including the user account context in which the process executes, in an object called a token. Tokenmon monitors includes the following:

  • User logon/logoff
  • Applications enabling or disabling security privileges in their process tokens
  • Process startup and exit (token creation/deletion)
  • Impersonation
Tokenmon has advanced filtering and search capabilities that make it a powerful tool for exploring the way NT works, seeing how applications use security functions, or tracking down problems in system or application configurations. Tokenmon works on NT 4.0 and Windows 2000

Featured Links