Wednesday, May 24, 2006

Using log files to Debug Group Policy

If your having difficulty getting to the bottom of Group Policy problems having used GPOTool to check consistency and RSOP to check processing, logging is the next step. Enabling this logging tracks all changes and settings applied to the machine as it starts and the user as they log on.

The log file is located in the %windir%\debug\UserMode folder called Userenv.log

Key: HKLM\Software\Microsoft\Windows NT\Current Version\Winlogon
Name: UserEnvDebugLevel

UserEnvDebugLevel = Hex 10002 enables logging
UserEnvDebugLevel = Hex 30002 enables Verbose logging

I recommend that you remove any existing log file and then use gpupdate /force to re-apply group policy or restart the machine for a complete Machine Start and User logon debug.
Carefully review the log for problems and errors. If you are having difficult interpreting the log file consider reading this article.