Sometimes you might want to run some tracing tools like ProcMon, xperf, wpr, netsh trace, etc on a machine that logon is not completing properly.
Often you might be able to use PowerShell remoting, WMI, or psexec to get these tools launched remotely.
But for scenarios where this doesn’t work I’ve created a simple Windows service that can be applied to an offline system via Windows PE
Once the machine boots it will start tracing for specified number of seconds until it automatically stops the trace.
You can then boot back into Windows PE to grab the traces.
View the readme.txt for instructions on usage.
The binaries and Visual Studio 2015 C# project is available for download here: