[No000017F] How to Monitor Registry Modifications
How to See Which Registry Settings a Group Policy Object Modifies
Today we are going to show you how to use one of our favorite tools, Proc Mon, to see which registry keys are edited when you change a Group Policy setting on your PC.
Using Proc Mon to See Which Registry Settings a Group Policy Object Modifies
The first thing you will want to do is go and get yourself a copy of Proc Mon from the Sysinternals website.
Then you will need to extract the folder and run the Procmon.exe file.
When Proc Mon opens, you will need to add a condition as follows:
Process Name is mmc.exe then Include
Then click the add button.
To get only the registry keys that are changed, we need to add another one:
Operation is RegSetValue then Include
Then again click the add button.
Once the two rules have been added, you can go ahead and click ok.
Now go and open the Group Policy setting that you wish to edit.
Before you actually change the setting, switch back over to Proc Mon and clear the log.
Then go and change the GPO and click apply.
If you switch over to Proc Mon you will see that you have a registry key(s) there. Right-click on it and select the Jump To… option from the context menu.
That will fire up Regedit and take you to the exact key which was modified.
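Added example, not part of the original article: the same two include rules (Process Name is mmc.exe, Operation is RegSetValue) applied offline to a trace saved from Proc Mon as CSV, so the values a policy writes can be recorded for a baseline. The sample rows, the key paths and the `registry_writes` function are constructed for illustration, and the column names assume Proc Mon's default columns.

```python
import csv
import io
import re

# Constructed sample in the column layout of a Proc Mon CSV export (made-up rows).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","mmc.exe","4321","RegQueryValue","HKCU\Software\Policies\Example\Enabled","NAME NOT FOUND","Length: 16"
"10:01:02.2","svchost.exe","988","RegSetValue","HKLM\SYSTEM\Example\Counter","SUCCESS","Type: REG_DWORD, Length: 4, Data: 7"
"10:01:03.0","mmc.exe","4321","RegSetValue","HKCU\Software\Policies\Example\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:03.1","mmc.exe","4321","RegSetValue","HKCU\Software\Policies\Example\Banner","SUCCESS","Type: REG_SZ, Length: 42, Data: Authorized, use only"
"10:01:03.2","mmc.exe","4321","RegSetValue","HKLM\SOFTWARE\Policies\Example\Locked","ACCESS DENIED","Type: REG_DWORD, Length: 4, Data: 1"
'''

# Detail column of a RegSetValue row; Data comes last and may itself contain commas.
DETAIL_RE = re.compile(r"Type: (\S+), Length: ([\d,]+)(?:, Data: (.*))?$", re.S)


def registry_writes(csv_text, process="mmc.exe", operation="RegSetValue"):
    """Return successful registry value writes by `process`, last write per value."""
    writes = {}
    # Strip a leading BOM if the export carries one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        # The two include rules from the walkthrough.
        if row["Process Name"].lower() != process.lower():
            continue
        if row["Operation"] != operation:
            continue
        # Extra check that is not in the walkthrough: skip writes that failed.
        if row["Result"] != "SUCCESS":
            continue
        # The last path component is the value name, the rest is the key.
        key, _, value_name = row["Path"].rpartition("\\")
        m = DETAIL_RE.match(row["Detail"])
        reg_type, data = (m.group(1), m.group(3)) if m else (None, None)
        writes[row["Path"].lower()] = {
            "key": key, "value": value_name, "type": reg_type, "data": data,
        }
    return list(writes.values())


if __name__ == "__main__":
    for w in registry_writes(SAMPLE_CSV):
        print(f'{w["key"]}  {w["value"]} = {w["data"]} ({w["type"]})')
```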
That's all there is to it guys.
Reposted from: https://www.cnblogs.com/Chary/p/No000017F.html