Tokenmon 1.01

Tokenmon 1.01

Tokenmon is a tool which monitors and displays a variety of security-related activity taking place on a system. Tokenmon gets its name from the fact that Windows NT/2000 stores a process' security information, including the user account context in which the process executes, in an object called a token. Tokenmon monitors includes the following:




User logon/logoff

Applications enabling or disabling security privileges in their process tokens

Process startup and exit (token creation/deletion)

Impersonation

Tokenmon has advanced filtering and search capabilities that make it a powerful tool for exploring the way NT works, seeing how applications use security functions, or tracking down problems in system or application configurations.

Simply run the Tokenmon GUI (Tokenmon.exe). Note that you must have administrative privilege to run Tokenmon. Menus, hot-keys, or toolbar buttons can be used to clear the window, save the monitored data to a file, and to filter and search output.