Troubleshooting Group Policy

Although the recommended location for detailed information about Group Policy issues is the Event Viewer, Windows 7 also includes a debugging feature and a tool that give you additional troubleshooting clout. From the Event Viewer you can identify policy failures and examine their descriptions, and then use the logs for a step-by-step analysis, as described below.

The operational log for Group Policy processing on the computer can be found in the Event Viewer under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational.

This log records each step of policy processing that occurs as Group Policy is applied on the client computer. It replaces the Userenv.log file used in previous versions of Windows for troubleshooting Group Policy processing. Apart from useful information such as user names, the GPO list, total processing time and individual extension processing time, the most useful piece of information stored in this operational log is the activity ID. This unique ID allows you to group the events that occur during each Group Policy processing cycle.
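The grouping by activity ID described above can be done from PowerShell. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later (Get-WinEvent) and that the operational log's channel name is Microsoft-Windows-GroupPolicy/Operational.

```powershell
# Added example: summarise Group Policy processing cycles by activity ID.
# Assumption: this is the channel name of the operational log described above.
$logName = 'Microsoft-Windows-GroupPolicy/Operational'

# Read the newest 500 events and keep those that carry an activity ID.
$events = @(Get-WinEvent -LogName $logName -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.ActivityId })
if ($events.Count -eq 0) {
    Write-Warning "No Group Policy operational events found (try an elevated prompt)."
    return
}

# One group per processing cycle: first/last timestamp, event count, and
# how many events were logged at Critical (1) or Error (2) level.
$cycles = @($events | Group-Object -Property ActivityId | ForEach-Object {
    $sorted = @($_.Group | Sort-Object TimeCreated)
    New-Object PSObject -Property @{
        ActivityId = $_.Name
        Start      = $sorted[0].TimeCreated
        End        = $sorted[-1].TimeCreated
        Events     = $sorted.Count
        Errors     = @($sorted | Where-Object { $_.Level -eq 1 -or $_.Level -eq 2 }).Count
    }
} | Sort-Object Start -Descending)

$cycles | Format-Table Start, End, Events, Errors, ActivityId -AutoSize

# Walk through the most recent cycle step by step, oldest event first.
# The GUID is upper-cased and wrapped in braces, the form used in the event XML.
$id    = $cycles[0].ActivityId.ToUpper()
$xpath = "*[System[Correlation[@ActivityID='{$id}']]]"
Get-WinEvent -LogName $logName -FilterXPath $xpath -Oldest |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```

A cycle with a non-zero Errors count is the one to walk through first; substitute its ActivityId for `$cycles[0]` in the last step.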

It is worth noting that administrative events related to Group Policy are still logged in the System Event log, as in previous versions of Windows. Only the Group Policy engine logs events in the System Event log, whereas all other events, such as those from extension DLLs and scripts deployed through Group Policy, are logged in the Group Policy Operational Event log.

Enabling Debug Logging

To enable more detailed logging for the Group Policy Editor, Windows 7 provides a registry value for troubleshooting purposes. You can enable debug logging by creating and configuring the following REG_DWORD registry value:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPEditDebugLevel with the value of 0x10002.

As already mentioned, this value is used for troubleshooting purposes; setting it automatically creates a GpEdit.log file in the %SystemRoot%\debug\usermode folder.

Using additional log tools

GPLogView.exe is a command-line troubleshooting tool that you can use to export Group Policy events logged in the System Event and Operational Event logs to a text, HTML or XML file. You can download GPLogView.exe from here. For more information about this tool, go here.

Using the GPResult tool

GPResult.exe is a command-line tool built into Windows 7 that displays Group Policy settings and Resultant Set of Policy (RSoP) information for a specified user or computer. The /x option saves the report in XML format, while /h saves the report in HTML format, at the location and with the file name specified by the filename parameter. Finally, GPResult now requires command-line parameters when it is run. For more information about this tool, go here.
