If you encounter problems after making changes to the Default Domain and/or Default Domain Controller group policies, you can enable GPO debug logging on your server.
To enable the logging:
1. Use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SecEdit
2. On the Edit menu, Add Value name PolicyDebugLevel, as a REG_DWORD data type. Set the data value to 2.
3. The log file will be generated as:
%SystemRoot%\security\logs\Scepol.log
0 comments
Hide comments