Skip navigation

JSI Tip 3100. How do enable Group Policy debug logging on a Windows 2000 Server?

If you encounter problems after making changes to the Default Domain and/or Default Domain Controller group policies, you can enable GPO debug logging on your server.

To enable the logging:

1. Use Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SecEdit

2. On the Edit menu, Add Value name PolicyDebugLevel, as a REG_DWORD data type. Set the data value to 2.

3. The log file will be generated as:


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.