Using Process Monitor to measure logon times

Did you ever get complaints about slow logon times for users running on a Terminal Server? Probably the answer is yes, but what is slow? And can I measure this with hard numbers? Yes you can do this… By using Process Monitor! And I will show you how.

Step 1

Logon to the server with the local Administrator account and start Process Monitor.

Stop the capture and clear everything, this prevents the ProcMon from using unnecessary resources for now.


Step 2

Edit the Filter as follows. Add the processes winlogon.exe, userinit.exe and explorer.exe

Also filter to only show process Start and Exit.


– Winlogon.exe: You can see the first process to kick of is the Winlogon.exe. It is starting on logon and ends when a user clicks the start => logof button.

– Userinit.exe: Next one to launch is the userinit.exe process which includes various user initializations. This process will also…

