While I was searching for data about process creation and exit, I found a program,
“TokenMon”, from “www.sysinternals.com”.
By the way, I found a bug while using “TokenMon”.
Two computers are connected over a LAN (one is a Windows 2000 system (A) on which
TokenMon is running, and the other is a Windows 2000 system (B) on which TokenMon
is not running).
In this situation, if I (on system B) try to do something in the shared folder
of system A, system A (where TokenMon is running) goes down.
But if I use a Windows NT system (C) on which TokenMon is running and system B
tries to do the same work, system C has no problem (i.e., it does not go down).
I think TokenMon behaves differently on Windows 2000 and Windows NT.
I wonder what causes system A to go down in the first situation.
There was another difference between Windows 2000 and Windows NT.
When System B accesses System A (Windows 2000) (with Administrator
privilege), and when System A creates a process (with Administrator
privilege), the content of the LogonID part of TokenMon's
LogonID://Domain/User field was different.
I think that “TokenMon” distinguishes between a LOCAL LOGON USER and a REMOTE
LOGON USER.
But when System B accesses System C (Windows NT), and when System C
creates a process, the content of the LogonID part of TokenMon's
LogonID://Domain/User field was the same.
I wonder what causes this different result.
Thanks for any suggestions!
Sincerely!