Process monitor

Part 4 – Tools of the trade – your tools in EUC –  Debugging as seen at #virtualExpo

September 23rd, VirtualExpo was held. A online conference elimination travel, hotel costs. VirtualExpo is organized by @XenAppblog (Trond Haavarstein). Together me my co-worker Hayscen de Lannoy (@HdeLannoy) we created a light session about tools we use in the field. In our work we see people struggling with tools and something oblivious about them. Some tools are used already but not always user efficiently. so our thought was that we show real quick how to use them and we hoped that the majority of the audience would gain something from it. If you watched and knew all tools and the way we used them, the session was not for you…. hope you still enjoyed it. Let’s talk about the the fourth phase we discussed debugging. We will see Process Monitor and Spy Studio in this part.

For the rest I hope we got you triggered to try the tool or try the way we used it. Let’s do a little recap as promised about the tools we presented. As we said in during VirtualExpo we went along as if we had a little project. Project have a certain organic way of going along, I think in phases;

  • Assessment phase where you determine what you’re up against
  • Application packaging where the applications are created including the specific configuration
  • Application deployment where you deploy the applications and the configuration to the golden images
  • Fix issues, every project has issues that need to be fixed

So with the four phases we have presented five tools, the fix phase sometimes needs more angles to look at. So let’s make a quick list of the tools we talked about at VirtualExpo. Let’s talk about the the fourth phase we discussed debugging. We will see Process Monitor and Spy Studio in this part.

  • For part 1 about phase 1 please click this link – link
  • For part 2 about phase 2 please click this link – link
  • For part 3 about phase 3 please click this link – link

Process monitor

So you are working hard to deploy your applications and to tune the user environment and Murphy walks in. Something in every project will go wrong. So we need tools to troubleshoot and find why and where it goes wrong. There are several SysInternals tools that can help you, process monitor is one of them we use a lot. What we see a lot of people do is start it up and let it run wild. At the end they got 100000 entries and they try to find the needle in the haystack. That’s not the best way to solve your issues. You could also take a stroll outside and see if you can find the solution, odds are the same but you get some fresh air ;).

So let’s show how you can find the issue and solve it in a more managed way. First thing you need to know is what your are looking for, sounds obvious but it’s a key requirement. If you work, like in our demo, with Internet explorer filter that one out. If you are working with a particular user filter it out and if you are looking for a registry setting that will be set filter that one out.

If we put this in a list you have three filter to create (to add);

  • Add a Filter to show Internet Explorer
  • Add a Filter to show the user “demo” (example)
  • Add a Filter to show the addition of a registry value (REGSETVALUE)

With this you can easily filter out what is happening on the machine. Perhaps still after doing this you have about 10-20 entries that don’t mean that much but a quick search on the Internet for a value will help there. It will take some trying out with Process monitor but once you got the hang of it it is a life saver.

We demo’d the cookie slider, one thing you can control with GPO. So we wanted to set it to medium so it accepts cookies instead of the value high it was on. As we showed the site we browsed to was in zone 3, the Internet zone. the key we were looking for was 1A10 which controls the cookie slider. Together with a couple of string for direct and indirect cookies this is now a controllable setting that you can import in any UEM solution. Problem solved.

Process monitor

Spy Studio

Spy Studio was demo’d as a companion of Process monitor as in troubleshooting sometimes you need a different angle to view an issue. Spy Studio is from and is free to use, it is no longer developed but is still alive. There is no installation needed just unzip it and you’re good to go. Same goes for Process monitor by the way.

The main difference between the two products is that with process monitor you monitor all processes on the machine and if you don’t filter it gets cluttered fast. With Spy Studio you hook a process and only that process is shown. So that would be a bit like setting the Internet Explorer filter with process monitor.

Process monitor

The other big difference is that it breaks down your trace into whatever differences there are, ranging from Files, Registry, COM object, Windows, Dot Net and more. anything the application is doing is shown and broken down in tabs. This makes it a lot easier to read and debug. I use both tools in debugging and they saved hours of time already.

Process monitor



Debugging can take a lot of time so with the right tools they can save your project. Hopefully we showed you how this can be done. So with this we end the VitualExpo series, I showed the assessment, the packaging, the deployment and now the debugging. Work with these tools and perhaps until a next VirtualExpo.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.