Note: A great tool for viewing the GPO logs created in this article is available for free here. http://www.sysprosoft.com/policyreporter.shtml
Its great tool.
Group Policy logging can be enabled by the addition (or changing) a registry entry.
Windows 2000/2003
Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserEnvDebugLevel"=dword:00030002
Valid entries
- NONE 0x00000000
- NORMAL 0x00000001
- VERBOSE 0x00000002
- LOGFILE 0x00010000
- DEBUGGER 0x00020000
These values can be combined.
0x00030002
i.e. for logfile, debugger and verboose
%windir%\debug\usermode\UserEnv.log
Once setup a reboot may be needed as it doesnt seem to create the folder usermode until a reboot has been completed. However I have seen a posting that said that you can manually create the usermode folder and that the UserEnv.log file will be created without a reboot, when the gpupdate is called.
Windows 2008
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
"GPSvcDebugLevel"=dword:00030002
Valid entries
- NONE 0x00000000
- NORMAL 0x00000001
- VERBOSE 0x00000002
- LOGFILE 0x00010000
- DEBUGGER 0x00020000
These values can be combined.
0x00030002
i.e. for logfile, debugger and verbose
%WINDIR%\debug\usermode\gpsvc.log
Once setup a reboot may be needed as it doesnt seem to create the folder usermode until a reboot has been completed. However I have seen a posting that said that you can manually create the usermode folder and that the UserEnv.log file will be created without a reboot, when the gpupdate is called.
References
http://technet.microsoft.com/en-us/library/cc759167(v=ws.10).aspx
http://www.sysprosoft.com/policyreporter.shtml
http://technet.microsoft.com/en-us/magazine/dd315424.aspx
Enabling Group Policy logging is essential for troubleshooting and tracking changes in your network environment. With Sky node advanced tools, you can streamline the logging process and ensure better management and monitoring of Group Policy settings across your systems.
ReplyDelete