
Troubleshooting Windows Access Denied Errors

Troubleshooting Windows access denied errors can be difficult. Learn how to troubleshoot them easily with Process Monitor.

Windows administrators can spend a massive amount of time poring over logs and investigating error messages. Trying to figure out why Windows is throwing certain errors can be frustrating and time consuming. I was reminded of this frustration recently in helping a customer with a Windows service that would not start. The error received when attempting to start the service was “access denied”. He had done all of the basic troubleshooting steps of looking through logs and making sure the user being assigned to the service had the “log on as a service” right and other permissions, simply to affect the behavior of what he was seeing. He had spent hours troubleshooting the issue. However, as we worked together on the issue, I pulled out a trusty tool that I have often used when troubleshooting Windows access denied errors – Process Monitor. Let’s take a closer look at troubleshooting Windows access denied errors with Process Monitor and see how this powerful little tool can allow you to find the source of the error in minutes, if not quicker.

What is Process Monitor?

If you are creating a file or folder in a certain location and receive an “access denied” error, you at least know where the problem lies. However, with more obscure process or service-related errors, it can be difficult to quickly pinpoint the source of the error: which resource has the permissions issue, or which location is my user not able to write, create, or modify?

Process Monitor is one of the trusty Sysinternals tools provided by Microsoft. In case you have not already heard about Process Monitor, it is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity, and it combines two older Sysinternals tools, Filemon and Regmon. What I like about the tool is that it provides a real-time trace of all the file and process activity on your workstation or server, which makes it easy to identify problems and can cut troubleshooting time tremendously.

Various features of Process Monitor include:

  • Powerful filtering capabilities
  • Capturing of thread stacks
  • Capture of process details
  • Intuitive display includes moveable columns
  • Advanced logging
  • Built-in process tree gives detailed information regarding the relationship of all processes
  • Native log format that allows importing and exporting between Process Monitor instances
  • Detailed tooltips
  • Boot time logging of all operations

As you can tell from the list, which isn’t all-inclusive, Process Monitor packs quite a punch in a small package and is definitely a worthy tool to add to your troubleshooting tool belt if you haven’t already. Let’s take a look at “access denied” troubleshooting with Process Monitor, as this is an often overlooked strength of the tool aside from general process monitoring.

Troubleshooting Windows Access Denied Errors

To proactively simulate an “access denied” situation in Windows, I have created a folder on a test server and explicitly added a Deny permission for the local Administrators group, which contains the user I am logged into the server with. Note that when I attempt to create a new file or folder, I receive an “access denied” error as expected. To illustrate the power of Process Monitor, let’s perform some troubleshooting with the utility.

Windows Access Denied Error creating a new object in a folder

When you download the Process Monitor utility, it is a small .zip file containing the required files. What I like as well is that it is a self-contained executable, so no installation is required. The download at the time of this writing is 981 KB, so it has a very small footprint. Simply unzip the file and run the executable.

Process Monitor unzipped and ready for troubleshooting

You will see an interface that looks like the following. When you launch it, Process Monitor will immediately start gathering information on all running processes and other system activity.

Troubleshooting with Process Monitor from Sysinternals

Under the File menu, you will find the Capture Events menu option. By default this is selected. You can click the option to turn event capture on or off. This is handy when you want as little information as possible displayed in Process Monitor while troubleshooting an event. I like to stop the capture, clear the display, and then have the error ready to reproduce. Quickly enable the Capture Events option, produce the error, and then disable the capture of events again. This way you only capture information that is relevant to the error.

Choosing to capture events or disable capturing in Process Monitor

Under the Edit menu, the Clear Display option clears the currently captured information.

Clearing current events with Clear Display

After capturing your information, you can easily use the Edit >> Find option to find certain keywords.

Finding a specific event containing keywords in Process Monitor – Great for Access denied messages

Here I have reproduced the “access denied” error by trying to create a new folder item. After disabling the capture, I am searching for denied, which should find the error.

Troubleshooting Windows Access Denied errors with the Process Monitor Find utility

Sure enough, I see the resulting ACCESS DENIED found in Process Monitor. Great!

Finding the error source – Troubleshooting Windows Access denied errors with Process Monitor

The above demonstration, of course, doesn’t showcase the ability of Process Monitor the way a real-world scenario would. In the case mentioned at the outset, when setting a logon user for a service, the error was “access denied”. We didn’t know what the user was being denied access to. Sure, there is Audit Monitoring and other ways in Windows to get to the bottom of various errors; however, Process Monitor takes the complexity out of the equation and allows you to troubleshoot efficiently and effectively.
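When a trace is too large to search by hand, the same "find denied" step can be run against a saved trace. The PowerShell below is an added example, not part of the original article: it filters a Process Monitor CSV export for ACCESS DENIED results, collapses repeats, and lists Deny entries on the nearest existing folder for each file system path. The sample rows, the C:\TestDeny path and the function names are constructed for illustration.

```powershell
# Constructed sample rows in the column layout of a Process Monitor CSV export.
# For a real trace use: $events = Import-Csv -Path 'C:\Temp\trace.csv'  (assumed path)
$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000 AM","explorer.exe","4120","CreateFile","C:\TestDeny","SUCCESS","Desired Access: Read Attributes"
"10:15:02.2000000 AM","explorer.exe","4120","CreateFile","C:\TestDeny\New folder","ACCESS DENIED","Desired Access: Generic Write"
"10:15:02.3000000 AM","explorer.exe","4120","CreateFile","C:\TestDeny\New folder","ACCESS DENIED","Desired Access: Generic Write"
"10:15:03.0000000 AM","svchost.exe","988","RegOpenKey","HKLM\SOFTWARE\Example","NAME NOT FOUND","Desired Access: Read"
'@
$events = $sampleCsv | ConvertFrom-Csv

function Get-AccessDeniedSummary {
    param([Parameter(Mandatory)] [object[]] $Events)
    # Keep only denied operations and collapse repeats of the same process/operation/path.
    $Events |
        Where-Object { $_.Result -eq 'ACCESS DENIED' } |
        Group-Object -Property 'Process Name', 'Operation', 'Path' |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Process   = $first.'Process Name'
                PID       = $first.PID
                Operation = $first.Operation
                Path      = $first.Path
                Count     = $_.Count
            }
        }
}

function Get-DenyAce {
    param([Parameter(Mandatory)] [string] $Path)
    # A failed create has no ACL of its own, so walk up to the nearest existing folder.
    while ($Path -and -not (Test-Path -LiteralPath $Path)) {
        $Path = [System.IO.Path]::GetDirectoryName($Path)
    }
    if (-not $Path) { return }
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Select-Object @{n='Path';e={$Path}}, IdentityReference, FileSystemRights, IsInherited
}

$denied = Get-AccessDeniedSummary -Events $events
$denied | Format-Table -AutoSize
# Only file system paths are checked; registry hits (HKLM\..., HKCU\...) are skipped here.
$denied | Where-Object { $_.Path -match '^[A-Za-z]:\\' } |
    ForEach-Object { Get-DenyAce -Path $_.Path }
```

The Process and PID columns show which account context to check, which is the missing piece in the service logon case described above.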

Takeaways

Process Monitor is a great utility to get to know and add to your troubleshooting tools. It certainly comes in handy when troubleshooting more obscure issues such as “access denied” errors, and for other use cases such as more in-depth process digging. Be sure to check out Process Monitor and the other Sysinternals utilities, as they provide great value and are free!


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
