Note: A great tool for viewing the GPO logs created in this article is available for free here. http://www.sysprosoft.com/policyreporter.shtml
Its great tool.
Group Policy logging can be enabled by the addition (or changing) a registry entry.
Windows 2000/2003
Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserEnvDebugLevel"=dword:00030002
Valid entries
- NONE 0x00000000
- NORMAL 0x00000001
- VERBOSE 0x00000002
- LOGFILE 0x00010000
- DEBUGGER 0x00020000
These values can be combined.
0x00030002
i.e. for logfile, debugger and verboose
%windir%\debug\usermode\UserEnv.log
Once setup a reboot may be needed as it doesnt seem to create the folder usermode until a reboot has been completed. However I have seen a posting that said that you can manually create the usermode folder and that the UserEnv.log file will be created without a reboot, when the gpupdate is called.
Windows 2008
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
"GPSvcDebugLevel"=dword:00030002
Valid entries
- NONE 0x00000000
- NORMAL 0x00000001
- VERBOSE 0x00000002
- LOGFILE 0x00010000
- DEBUGGER 0x00020000
These values can be combined.
0x00030002
i.e. for logfile, debugger and verbose
%WINDIR%\debug\usermode\gpsvc.log
Once setup a reboot may be needed as it doesnt seem to create the folder usermode until a reboot has been completed. However I have seen a posting that said that you can manually create the usermode folder and that the UserEnv.log file will be created without a reboot, when the gpupdate is called.
References
http://technet.microsoft.com/en-us/library/cc759167(v=ws.10).aspx
http://www.sysprosoft.com/policyreporter.shtml
http://technet.microsoft.com/en-us/magazine/dd315424.aspx
No comments:
Post a Comment