JSI Tip 3799. How do I monitor group policy functions?


To monitor group policy functions, I use Notepad to view the Gpedit.log and Userenv.log in the %systemRoot%\Debug\UserMode folder.

The Gpedit.log records the actions of the Group Policy snap-in and Userenv.log records processing details during the application of group policy.

To generate the appropriate level of detail, set the GPEditDebugLevel, UserenvDebugLevel, and RunDiagnosticLoggingGroupPolicy value names, each a REG_DWORD data type, at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, as follows:

RunDiagnosticLoggingGroupPolicy        0x1
GPEditDebugLevel                       0x10002
UserEnvDebugLevel                      0x10002
The GPEditDebugLevel and UserenvDebugLevel values are a bitmask:
0x0     No logging.
0x10001 Generate a log file with the standard level of detail. 
0x10002 Generate a log file with verbose detail. 
0x20001 Generate a debugging file with the standard level of detail. 
0x20002 Generate a debugging file with verbose detail.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish