none
GPO debug logging for Windows 7 RRS feed

  • Question

  • How to enable enable GPO debug logging in Windows 7 and Windows 2008 R2 machines? The procedure I used to follow for XP is not working now.

    Thanks,
    Sitaram
    Thanks, Sitaram http://techibee.com http://sitaram-pamarthi.com
    Thursday, January 7, 2010 7:52 AM

Answers

  • Hi Sitaram,

     

    From Windows Vista, the Group Policy engine no longer records information in the userenv.log. Instead, detailed logging of Group Policies can be located using Event Viewer.

     

    Therefore, besides the gpsvc.log, the log for group policy processing can be found in the Event Viewer under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational.

     

    For more information, please refer to:

     

    http://blogs.technet.com/askperf/comments/2975012.aspx

     

    Hope this will be helpful for you.

     

    Regards,

    Bruce

    • Marked as answer by Bruce-Liu Wednesday, January 13, 2010 7:05 AM
    Friday, January 8, 2010 7:15 AM
  • Yes, this key does exist by default and therefore you have to create it.
    You can use the 2 lines I posted as part of a .reg file and simply import it to registry.

    By the way, the resulting log file will be
    %WINDIR%\debug\usermode\gpsvc.log


    Patrick
    • Marked as answer by pamarths Thursday, January 7, 2010 4:03 PM
    Thursday, January 7, 2010 11:46 AM

All replies

  • The userenv.log file is no longer present in Windows 7.
    But Windows 7 by default logs many events to event log. This seems to be the new strategy at Microsoft.
    For Group Policy there is a own "Operational" event log file that contains really many information.
    In addition, there is a tool called "GPLogView" that can be used to filter and export (text, html, xml) the GP related event log.

    Natively text based log files instead can only be created for some components.
    The required parameters to activate text based log files are not officially documented by Microsoft.

    In Windows 7 GPO processing is performed by a service called "Goup Policy Client" .
    A log file can be written by the service when implementing the following registry value:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
    "GPSvcDebugLevel"=dword:00030002

    The resulting log file does not contain as much information as the userenv.log in Windows XP,
    but that is because all the non GP related actions (log on process, profiles, etc) are not part of this log.
    It is dedicated to group policy actions only.

    Patrick
    Thursday, January 7, 2010 10:14 AM
  • Patric, I don't see "Diagnostics" key under CurrentVersion. Do I need to create that key?
    Thanks, Sitaram http://techibee.com http://sitaram-pamarthi.com
    Thursday, January 7, 2010 10:21 AM
  • Yes, this key does exist by default and therefore you have to create it.
    You can use the 2 lines I posted as part of a .reg file and simply import it to registry.

    By the way, the resulting log file will be
    %WINDIR%\debug\usermode\gpsvc.log


    Patrick
    • Marked as answer by pamarths Thursday, January 7, 2010 4:03 PM
    Thursday, January 7, 2010 11:46 AM
  • Thanks much Patrick. It worked for me.

    To help people like me, I stashed the details to http://techibee.com/group-policies/enable-group-policy-debugging-on-windows-7/191

    Thanks again..!!

    ~Sitaram
    Thanks, Sitaram http://techibee.com http://sitaram-pamarthi.com
    Thursday, January 7, 2010 4:03 PM
  • Hi Sitaram,

     

    From Windows Vista, the Group Policy engine no longer records information in the userenv.log. Instead, detailed logging of Group Policies can be located using Event Viewer.

     

    Therefore, besides the gpsvc.log, the log for group policy processing can be found in the Event Viewer under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational.

     

    For more information, please refer to:

     

    http://blogs.technet.com/askperf/comments/2975012.aspx

     

    Hope this will be helpful for you.

     

    Regards,

    Bruce

    • Marked as answer by Bruce-Liu Wednesday, January 13, 2010 7:05 AM
    Friday, January 8, 2010 7:15 AM
  • It looks like Windows 2008R2/Win7 are still missing the ability to log all logon events that usrenvdebug log did.  I really would like that functionality back as it is indispensible for trouble shooting long logon times and to verify if logon scripts are running.
    Michael Pekarik Syntax, Inc.
    Thursday, October 27, 2011 9:47 PM
  • As stated before, there is GPSVCDebugLevel

    Value Path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics

    Value Name: GPSvcDebugLevel

    Value Type: REG_DWORD

    Value Data: 30002 (hex)

    Which gives enhanced Group Policy logging ---- HOWEVER

    For those looking for PROFILE LOGGING!!!!!

    Microsoft provides a mechanism for enhanced userenv debug logging. However, unfortunately you have to send it to them.

     

    To start Profile logging (from a Command Prompt):

     

    • logman -start profile -p {eb7428f5-ab1f-4322-a4cc-1f1a9b2c5e98} 255 3 -ets

     

    To stop Profile logging (from a Command Prompt):

     

    • logman -stop -profile -ets

     

    This creates a LOG File with a ETL format (in c:\windows\system32) in an encoded format which only Microsoft can read *they have an ETL viewer* - I begged them for the tool but they wouldn't give it to me.
    So basically there is profile logging (i.e. Same information as UserEnvDebug.log) for Windows 7 - however Microsoft seem to want to charge you for reading / debugging it!

     






    • Proposed as answer by Jools86 Wednesday, January 4, 2012 5:05 PM
    • Edited by Jools86 Wednesday, January 4, 2012 5:07 PM
    Wednesday, January 4, 2012 5:03 PM
  • You can read event trace log (ETL) format files with Microsoft Windows Performance Analyzer or with Microsoft Service Trace Viewer (SvcTraceViewer.exe)

     

    Check out the Windows Performance Analysis Developer Center --  http://msdn.microsoft.com/en-us/performance/cc709422

    and then download the latest Microsoft Windows SDK for Windows 7-- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3138


    • Edited by it350 Thursday, January 26, 2012 11:57 PM
    Thursday, January 26, 2012 11:56 PM
  • thats correct as you said in Pluralsight course.
    Sunday, August 28, 2016 11:04 AM