Recipe 15.4 Enabling GPO Client Logging

Previous page
Table of content
Next page

15.4.1 Problem

You want to troubleshoot GPO processing issues on a client or server by enabling additional logging in the Application event log.

15.4.2 Solution

15.4.2.1 Using a graphical user interface

  1. Run regedit.exe from the command line or Start Run.

  2. In the left pane, expand HKEY_LOCAL_MACHINE Software Microsoft Windows NT CurrentVersion.

  3. If the Diagnostics key doesn't exist, right-click on CurrentVersion and select New Key. Enter Diagnostics for the name and hit enter.

  4. Right-click on Diagnostics and select New DWORD value. Enter RunDiagnosticLoggingGroupPolicy for the value name.

  5. In the right pane, double-click on RunDiagnosticLoggingGroupPolicy and enter 1.

  6. Click OK.
15.4.2.2 Using a command-line interface
> reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics" /v[RETURN]  "RunDiagnosticLoggingGroupPolicy" /t REG_DWORD /d 1
15.4.2.3 Using VBScript
' This code enables GPO logging on a target computer ' ------ SCRIPT CONFIGURATION ------ strComputer = "<ComputerName>"  ' e.g. rallen-w2k3 ' ------ END CONFIGURATION --------- const HKLM = &H80000002 strRegKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics" set objReg = GetObject("winmgmts:\\" & strComputer _                        & "\root\default:StdRegProv") objReg.SetDwordValue HKLM, strRegKey, "RunDiagnosticLoggingGroupPolicy", 1 WScript.Echo "Enabled GPO logging for " & strComputer

15.4.3 Discussion

If you experience problems with client GPO processing, such as a GPO not getting applied even though you think it should, there aren't many tools that can help you troubleshoot the problem. One way to get detailed information about what GPOs are applied on a client is by enabling additional GPO event logging. If you set the RunDiagnosticLoggingGroupPolicy Registry value to 1, extensive logging will be done in the Application event log. Events detailing the beginning of the GPO processing cycle, what GPOs are applied, and any errors encountered will all be logged. Here is an example of a log message that shows which GPOs are going to be applied on the host DC1. To disable this logging, either delete RunDiagnosticLoggingGroupPolicy or set the value to 0.

Here is a sample event log message:

Event Type:        Error Event Source:        Userenv Event Category:        None Event ID:        1031 Date:                5/26/2003 Time:                5:52:13 PM User:                NT AUTHORITY\SYSTEM Computer:        DC1 Description: Group Policy objects to be applied: "Default Domain Policy" "Default Domain  Controllers Policy" .

15.4.4 See Also

MS KB 186454 (How to Enable User Environment Event Logging in Windows 2000)


Previous page
Table of content
Next page
Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
Authors: Laura E. Hunter, Robbie Allen
BUY ON AMAZON
Project Management JumpStart
Cisco IOS Cookbook (Cookbooks (OReilly))
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
HTI+ Home Technology Integrator & CEDIA Installer I All-In-One Exam Guide
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy