Fix Unable to write PROCMON23.SYS in Windows 10

Registry and DLL changes in a system are monitored by the SysInternals Process Monitor. The PROCMON23.SYS file is a component of this tool. If this file is misconfigured, you would get the error while trying to enable bootlogging:

Unable to write PROCMON23.SYS, Make sure that you have permission to write to the %%SystemRoot%%\System32\Drivers directory.

Unable To Write Procmon23.sys


The procedure is a little complicated but the issue has one and only one fix.

1] Open the File Explorer and navigate to C:\Windows\System32\drivers.

2] Right-click and select Properties and go to the security tab.

3] Select the User, click on Edit, and give the necessary permissions (Full Control would be better).

Give Full Permissions For System 32 Folder


4] Now, boot your system into WinPE environment as explained here.

5] Delete the  %%SystemRoot%%\System32\Drivers\PROCMON23.sys file in the WinPE environment.

6] Search for Command Prompt in the Windows search bar and right-click on the option. Select Run as administrator.

7] Type the following command and press Enter to execute it:

C:\procmon\Procmon /BackingFile C:\procmon\log.pml /AcceptEula /Quiet /noconnect




8] Restart the system and you would be able to Enable bootlogging now.