
Fix: Can’t Enable Boot Logging in Process Monitor on Windows 10

Process Monitor is an advanced monitoring tool for Windows that monitors file system, Registry and process/thread activity in real time. It is a lightweight program with some extremely handy features, including Boot Logging, which, when enabled, allows Process Monitor to generate thread profiling events that capture the state of all running applications at a regular interval. Unfortunately, many Windows 10 users have reported being unable to enable Process Monitor’s Boot Logging feature even though it worked perfectly for them on older versions of the Windows Operating System. When a Windows 10 user affected by this issue tries to enable Boot Logging, they see an error message that states:

Unable to write PROCMON23.SYS
Make sure that you have permission to write to the %%SystemRoot%%\System32\Drivers directory.

The error message doesn’t provide affected users with a lot of information, only that Process Monitor was unable to create or write to a file named PROCMON23.sys and that the cause may be the user not having permission to write to the directory in which this file is located or is supposed to be located. In actuality, Windows 10 already has a file titled PROCMON23.sys in the same directory, so when Process Monitor tries to create the file in that very directory, it fails and consequently displays the error message described above. This issue has been confirmed to affect all currently available builds of Windows 10, which makes it all the more significant. Thankfully, though, this problem can be fixed pretty easily – all you need to do is:
  1. Press the Windows Logo key + R to open a Run dialog.
  2. Type the following into the Run dialog and press Enter:
     %SystemRoot%\System32\Drivers\
  3. In the File Explorer window that opens up next, locate a file named PROCMON23.sys, right-click on it and click on Rename.
  4. Rename the file to PROCMON23_old.sys and press Enter to save the name.
  5. If you are asked to confirm the action or provide your password to give the administrative action the go-ahead, do whatever is asked of you. If you are not asked to confirm the action or provide authentication, simply skip this step.
  6. Restart your computer.
  7. When the computer boots up, launch Process Monitor, click on Options > Enable Boot Logging and click on OK in the resulting popup, and Process Monitor should be able to successfully enable Boot Logging this time.
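
The same rename done from an elevated PowerShell prompt, as an added example that is not part of the original article: it records the existing file's signature and SHA-256 before renaming, so the change to the Drivers directory can be audited and undone. The Win32_SystemDriver lookup by path is an assumption about how the driver would be registered; the reboot and the Process Monitor menu step are still done by hand afterwards.

```powershell
# Added example: scripted version of the rename steps above, with checks first.
# Nothing is deleted; renaming PROCMON23_old.sys back undoes the change.
$driversDir = Join-Path $env:SystemRoot 'System32\Drivers'
$driver     = Join-Path $driversDir 'PROCMON23.sys'
$newName    = 'PROCMON23_old.sys'

# Writing to System32\Drivers needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

if (-not (Test-Path -LiteralPath $driver)) {
    Write-Output "$driver not found; there is nothing to rename."
    return
}
if (Test-Path -LiteralPath (Join-Path $driversDir $newName)) {
    throw "$newName already exists; inspect it before overwriting anything."
}

# Record what the file is before touching it.
$sig  = Get-AuthenticodeSignature -LiteralPath $driver
$hash = Get-FileHash -LiteralPath $driver -Algorithm SHA256
[pscustomobject]@{
    Path      = $driver
    SHA256    = $hash.Hash
    SigStatus = $sig.Status
    Signer    = $sig.SignerCertificate.Subject
    Owner     = (Get-Acl -LiteralPath $driver).Owner
} | Format-List

if ($sig.Status -ne 'Valid') {
    Write-Warning 'The driver file has no valid Authenticode signature; keep the renamed copy for review.'
}

# Assumption: if a driver service is registered for this file, its PathName ends in PROCMON23.sys.
$loaded = Get-CimInstance Win32_SystemDriver -Filter "PathName LIKE '%PROCMON23.sys'" |
    Where-Object { $_.State -eq 'Running' }
if ($loaded) {
    Write-Warning 'A driver using this file is currently running; close Process Monitor before continuing.'
}

Rename-Item -LiteralPath $driver -NewName $newName
Write-Output "Renamed to $newName. Restart, then enable Boot Logging from Process Monitor."
```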
