none
GPresult.exe and "Last time Group Policy was applied

    Frage

  • I am looking for where on the computer (log file, registry, file time/date stamp, wmi, etc?) the values of "Last time Group Policy was applied
    Freitag, 11. Dezember 2009 19:46

Antworten

  • The time values you are looking for are here in registry:
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}"
    You need to read and examine 4 values here:
    StartTimeHi
    StartTimeLo
    EndTimeHi
    EndTimeLo
    As you can see there the values are in High and Low bytes which efforts some converting steps.
    But with some scripting this is no problem...


    Patrick
    • Als Antwort markiert Bruce-Liu Donnerstag, 17. Dezember 2009 02:28
    Sonntag, 13. Dezember 2009 22:27
  • Hi upinya,


    The value of "Last time Group Policy was applied" shown in gpresult.exe is usually the last time that the periodic policy started to process. It can also be found in Event Viewer Operational Logs or userenv.log.

    In Windows Vista or Windows Server 2008, you can take advantage of the new Event Viewer Operational Logs to find the "Last time Group Policy was applied". The Group Policy operational log within the Event Viewer, found under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational, provides excellent instrumentation of each step of the Group Policy processing cycle, including time spent during each phase of processing. In this log, you can find the latest event with ID 4007 and the general information is started with "Starting periodic policy processing for user". This time is the "Last time Group Policy was applied".

     

    If you are not working in a Windows Vista or Windows Server 2008 environment, the mechanisms for measuring policy processing times are less direct. In that case, your choices are to enable verbose userenv logging (see the Microsoft support article at support.microsoft.com/kb/221833) and view the timestamps within that file for a given processing cycle, or to use the values held in the registry on the client that indicate start and stop times for policy processing.

     

    For more information, please refer to:

     

    http://technet.microsoft.com/en-us/magazine/2008.01.gpperf.aspx

     

    Regards,

    Bruce

    • Als Antwort markiert Bruce-Liu Donnerstag, 17. Dezember 2009 02:28
    Montag, 14. Dezember 2009 09:14

Alle Antworten

  • Hi,
     You can run gpresult to see that information.

    Thanks,
    Guy
    Freitag, 11. Dezember 2009 21:21
  • The time values you are looking for are here in registry:
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}"
    You need to read and examine 4 values here:
    StartTimeHi
    StartTimeLo
    EndTimeHi
    EndTimeLo
    As you can see there the values are in High and Low bytes which efforts some converting steps.
    But with some scripting this is no problem...


    Patrick
    • Als Antwort markiert Bruce-Liu Donnerstag, 17. Dezember 2009 02:28
    Sonntag, 13. Dezember 2009 22:27
  • Hi upinya,


    The value of "Last time Group Policy was applied" shown in gpresult.exe is usually the last time that the periodic policy started to process. It can also be found in Event Viewer Operational Logs or userenv.log.

    In Windows Vista or Windows Server 2008, you can take advantage of the new Event Viewer Operational Logs to find the "Last time Group Policy was applied". The Group Policy operational log within the Event Viewer, found under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational, provides excellent instrumentation of each step of the Group Policy processing cycle, including time spent during each phase of processing. In this log, you can find the latest event with ID 4007 and the general information is started with "Starting periodic policy processing for user". This time is the "Last time Group Policy was applied".

     

    If you are not working in a Windows Vista or Windows Server 2008 environment, the mechanisms for measuring policy processing times are less direct. In that case, your choices are to enable verbose userenv logging (see the Microsoft support article at support.microsoft.com/kb/221833) and view the timestamps within that file for a given processing cycle, or to use the values held in the registry on the client that indicate start and stop times for policy processing.

     

    For more information, please refer to:

     

    http://technet.microsoft.com/en-us/magazine/2008.01.gpperf.aspx

     

    Regards,

    Bruce

    • Als Antwort markiert Bruce-Liu Donnerstag, 17. Dezember 2009 02:28
    Montag, 14. Dezember 2009 09:14
  • Don't believe in end to end solutions?  Would help if you stated what the container was for the registry i.e. HKLM.

    Also what are the converting steps?  If you were on the receiving end of this and had no knowledge of how to check, do you think this post could have helped?

    Freitag, 22. April 2016 06:47
  • I totally agree.  I particularly liked "But with some scripting this is no problem...".  Umm...........how?
    Mittwoch, 9. Mai 2018 16:58
  • I totally agree.  I particularly liked "But with some scripting this is no problem...".  Umm...........how?

    $RegPath='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}'
    $LowTime=Get-ItemProperty -path $RegPath -name "EndTimeLo"
    $HighTime=Get-ItemProperty -path $RegPath -name "EndTimeHi"
    $CompTime=([long]$HighTime.EndTimeHi -shl 32) + [long] $LowTime.EndTimeLo
    [DateTime]::FromFileTime($CompTime)

    The Powershell code above will provide the answer - but I'm thinking its not the correct place to be looking - i thought at first this nailed it - but then ran it on a non-domain joined computer and it returned some value - maybe what you are looking for but not me :(  

    Freitag, 18. Mai 2018 03:22