Skip to content
This repository has been archived by the owner on Aug 5, 2023. It is now read-only.
/ KioskTrace Public archive

Powershell script for collecting AssignedAccess traces (+ProcMon)

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

florinDNL/KioskTrace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
KioskTrace.ps1
KioskTrace.ps1
 
 
README.md
README.md
 
 

Repository files navigation

KioskTrace

Powershell script for collecting AssignedAccess traces

Usage

  1. Open powershell as administrator
  2. Run the script

  • To collect only etw provider trace and registry keys:

      .\KioskTrace.ps1

  • Available arguments:

      -EventLogs  | Collects all event logs in addition to etw traces and registry keys
  -ProcMon    | Starts a ProcMon trace in addition to etw traces and registry keys [ProcMon will be automatically downloaded, started and removed upon completion]

  • These can be used independently or combined

      .\KioskTrace.ps1 -EventLogs
  .\KioskTrace.ps1 -ProcMon

  • To collect everything:

      .\KioskTrace.ps1 -EventLogs -ProcMon
  1. You will be prompted to reproduce the issue while the capture is ongoing. When done, press Enter in Powershell to stop the traces and save the logs to Desktop

About

Powershell script for collecting AssignedAccess traces (+ProcMon)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages