Events and Logging

The Group Policy infrastructure has changed significantly in
Windows Vista and Windows Server "Longhorn". Group Policy processing no
longer exists within the Winlogon process but is hosted as its own
service. Additionally, the Group Policy engine no longer relies on the
trace logging found within userenv.dll.

Much of the troubleshooting for Group Policy in earlier versions of
Windows relied on enabling logging inside the component userenv.dll.
This created a log file named userenv.log in the %WINDIR%\Debug\Usermode
folder. This log file contained function trace statements with
supporting data. In addition, profile load and unload functions shared
this log file, making the log sometimes difficult to diagnose. This log
file, used in conjunction with the Resultant Set of Policy Microsoft
Management Console (RSoP MMC), was the primary way to diagnose and
resolve Group Policy problems.

In Windows Vista, Group Policy is treated as its own component with a
new Group Policy Service, a stand-alone service that runs under the
Svchost process for the purpose of reading and applying Group Policy.
The addition of this service includes new, more descriptive event log
messages specific to Group Policy and its related functions. The new
service provides a new way of enabling trace logging that is similar to
its predecessor, but involves new registry keys and log files.

To enable trace logging, add the following registry key using the
registry editor.

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
    GpSvcDebugLevel
    REG_DWORD = 10002 (Hex)

Note: The new Group Policy service is dynamic and therefore does not
require a service restart or reboot after enabling this registry key.

This entry creates a trace log inside the %WINDIR%\Debug\Usermode folder
with the name gpsvclog.log. The contents of this file look very similar
to the contents found in the userenv.log from earlier versions of
Windows. However, because this file is not shared with any other part of
the logon process (such as profile loading and unloading), it is easier
to diagnose Group Policy issues.

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
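
The registry change described in the message above, as an added PowerShell
example that is not part of the original post or of Microsoft's own
documentation. The function names are hypothetical; creating the log folder
when it is missing and the gpsvc*.log wildcard (which also matches the
gpsvclog.log name given above) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: turn the Group Policy service trace on for one refresh,
# report what was written, then turn it off again so verbose tracing
# is not left enabled on the machine.
$DiagKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'
$ValueName = 'GpSvcDebugLevel'                       # value name from the post
$LogDir    = Join-Path $env:WINDIR 'Debug\Usermode'  # folder from the post

function Enable-GpSvcTrace {
    # Test first: New-Item -Force on an existing registry key would reset it.
    if (-not (Test-Path $DiagKey)) { New-Item -Path $DiagKey | Out-Null }
    # Assumption: the trace folder may not exist yet, so create it if missing.
    if (-not (Test-Path $LogDir)) {
        New-Item -Path $LogDir -ItemType Directory | Out-Null
    }
    New-ItemProperty -Path $DiagKey -Name $ValueName -PropertyType DWord `
        -Value 0x10002 -Force | Out-Null
}

function Disable-GpSvcTrace {
    $prop = Get-ItemProperty -Path $DiagKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) { Remove-ItemProperty -Path $DiagKey -Name $ValueName }
}

function Get-GpSvcTraceStatus {
    $prop = Get-ItemProperty -Path $DiagKey -Name $ValueName -ErrorAction SilentlyContinue
    # Wildcard is an assumption so the check does not depend on the exact file name.
    $logs = Get-ChildItem -Path $LogDir -Filter 'gpsvc*.log' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Enabled  = [bool]$prop
        Level    = if ($prop) { '0x{0:X}' -f $prop.$ValueName } else { $null }
        LogFiles = @($logs | Select-Object -ExpandProperty FullName)
    }
}

try {
    Enable-GpSvcTrace
    gpupdate /force | Out-Null          # run one policy refresh to produce trace output
    $status = Get-GpSvcTraceStatus
    $status | Format-List
    foreach ($file in $status.LogFiles) {
        Get-Content -Path $file -Tail 20   # last lines of each trace file
    }
}
finally {
    Disable-GpSvcTrace                  # always remove the debug value afterwards
}
```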