Windows Server: Automate Process Monitor Tracing in Windows

Summary: Process Monitor is an information collection tool designed to gather registry and file activity within Microsoft Operating System environments. The information below explains how to setup Process Monitor to run automatically at specific times aiding in troubleshooting application and operating system failure events. How to set up and automate the Microsoft Process Monitor for Windows to simplify application and system troubleshooting. Learn Process Monitor capabilities, setup steps, and how to manage log files for streamlined issue resolution. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

  • Download the Process Monitor utility using URL path below:
  • Create the folder "C:\PM" and extract downloaded file to the new folder location.
  • Copy and paste the "Procmon64.exe" executable from the "ProcessMonitor" folder to C:\PM.
  • Create a folder called "Log" in the C:\PM folder.

PM folder
       

  •  Go to "Task Scheduler," START Button -> Windows Administrative Tools -> Task Scheduler, on the system where the task is to be run. Right click "Task Scheduler Library" and Select "Create Task…"

Task scheduler library

  • On the "General" tab and assign a name to the task, assign a user account to run the task, select "Run whether user is logged on or not" setting, and check "Run with highest privileges" setting.

Create task general menu
 

  • Next click the "Triggers" tab and set a scheduled run time for the task in the "Start" section. In the task below we want to run it Daily.   
  • Check "Enabled" box to ensure that the task is active and available to run.
  • Click "OK" to save changes.

New trigger

  • Click "Actions" tab to enter the statements needed to run Process Monitor.
  • On the "New Action" pallet fill in the settings below which will run the Process Monitor program to gather information when our failure event occurs.
  • Action: "Start a program"
  • Program/script:
 "C:\PM\Procmon64.exe"
  • Add arguments (optional):
"/BackingFile C:\PM\Log\RMRun1.pml /runtime 60 /Quiet"

setting up a new action 

  • Next open the "Settings" tab and change the "Stop the task if it runs longer than" setting to "1 hour."
  • Click "OK" button to complete the task creation and configuration.          

complete the task creation and configuration
 

  • A password for the assigned run account must be entered to complete task creation.  

creating password
 

  • After creating task, right click "Procmon_Trace" Task and click "Run" to confirm the task runs as expected.

run the task
 

  • After running the task, there should be a new Process Monitor log file created in the log path defined with the Process Monitor command entered in Step 4.  

new Process Monitor log file created in log path

  • Right-click "Procmon_Trace" and select "Export…" to save the task to an XML file. The task can be imported to other Servers to run. The folder structure explained in Step 1 would also have to be created to run the task successfully.

exporting file

  • The "Procmon_Trace.xml" file can be imported using Task Scheduler on other Servers to be available and run. 

 Procmon_Trace.xm

 

Additional Information

See this video:

 

Affected Products

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022

Products

PowerEdge XR2, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX5016s, PowerEdge MX740C, PowerEdge MX750c, PowerEdge MX760c, PowerEdge MX840C, PowerEdge R240, PowerEdge R250, PowerEdge R260, PowerEdge R340, PowerEdge R350 , PowerEdge R360, PowerEdge R440, PowerEdge R450, PowerEdge R540, PowerEdge R550, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R660, PowerEdge R660xs, PowerEdge R6615, PowerEdge R6625, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R7515, PowerEdge R7525, PowerEdge R760, PowerEdge R760XA, PowerEdge R760xd2, PowerEdge R760xs, PowerEdge R7615, PowerEdge R7625, PowerEdge R840, PowerEdge R860, PowerEdge R940, PowerEdge R940xa, PowerEdge R960, PowerEdge T140, PowerEdge T150, PowerEdge T160, PowerEdge T340, PowerEdge T350, PowerEdge T360, PowerEdge T440, PowerEdge T550, PowerEdge T560, PowerEdge T640, PowerEdge XR11, PowerEdge XR12 ...
Article Properties
Article Number: 000196672
Article Type: How To
Last Modified: 17 Mar 2025
Version:  9
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.