Recipe 15.4 Enabling GPO Client Logging
15.4.1 Problem
You want to troubleshoot GPO
processing issues on a
client or server by enabling additional logging in the Application
event log.
15.4.2 Solution
15.4.2.1 Using a graphical user interface
Run regedit.exe from the command line or Start
Run. In the left pane, expand HKEY_LOCAL_MACHINE Software
Microsoft Windows NT CurrentVersion. If the Diagnostics key doesn't exist, right-click on
CurrentVersion and select New Key. Enter Diagnostics for
the name and hit enter. Right-click on Diagnostics and select New DWORD value.
Enter RunDiagnosticLoggingGroupPolicy for the value name. In the right pane, double-click on RunDiagnosticLoggingGroupPolicy
and enter 1. Click OK.
15.4.2.2 Using a command-line interface
> reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics" /v[RETURN]
"RunDiagnosticLoggingGroupPolicy" /t REG_DWORD /d 1
15.4.2.3 Using VBScript
' This code enables GPO logging on a target computer
' ------ SCRIPT CONFIGURATION ------
strComputer = "<ComputerName>" ' e.g. rallen-w2k3
' ------ END CONFIGURATION ---------
const HKLM = &H80000002
strRegKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strComputer _
& "\root\default:StdRegProv")
objReg.SetDwordValue HKLM, strRegKey, "RunDiagnosticLoggingGroupPolicy", 1
WScript.Echo "Enabled GPO logging for " & strComputer
15.4.3 Discussion
If you experience problems with client GPO processing, such as a GPO
not getting applied even though you think it should, there
aren't many tools that can help you troubleshoot the
problem. One way to get detailed information about what GPOs are
applied on a client is by enabling additional GPO event logging. If
you set the RunDiagnosticLoggingGroupPolicy
Registry value to 1, extensive logging will be done in the
Application event log. Events detailing the beginning of the GPO
processing cycle, what GPOs are applied, and any errors encountered
will all be logged. Here is an example of a log message that shows
which GPOs are going to be applied on the host DC1. To disable this
logging, either delete RunDiagnosticLoggingGroupPolicy or set the
value to 0.
Here is a sample event log message:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1031
Date: 5/26/2003
Time: 5:52:13 PM
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Group Policy objects to be applied: "Default Domain Policy" "Default Domain
Controllers Policy" .
15.4.4 See Also
MS KB 186454 (How to Enable User Environment
Event Logging in Windows 2000)
|