Translate

Monday, November 20, 2017

GPO debug logging

Sometimes you need to search deeper to check why GPOs don't get applied.



Therefore you can enable the debug logging of the GPO client (service).
Please DO NOT FORGET TO DISABLE IT AFTERWARDS!!!

To enable logging in the Gpsvc.log file, follow these step by step guide:

  1. Click Start , click Run , type regedit , and then click OK .

  2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows  NT\CurrentVersion

  3. On the Edit menu, point to New , and then click Key .


  4. Type Diagnostics , and then press ENTER.


  5. Right-click the Diagnostics subkey, point to New , and then click DWORD Value .


  6. Type GPSvcDebugLevel , and then press ENTER.


  7. Right-click GPSvcDebugLevel , and then click Modify .


  8. In the Value data box, type 0x30002 , and then click OK .


  9. Exit Registry Editor.


  10. At a command prompt, type the following command, and then press ENTER:

  gpupdate /force

  11. View the Gpsvc.log file in the following folder:

  %windir%\debug\usermode

Note - if the usermode folder does not exist under %WINDIR%\debug\ the gpsvc.log file will not be created. If the usermode folder does not exist, create it under %windir%\debug.


Thanks to CSS for the hint ;-)


Also check this out: https://technet.microsoft.com/en-us/library/cc749336


If you want to go REALLY DEEP then you find here more guidance.
https://mva.microsoft.com/en-US/training-courses/windows-performance-jump-start-8830
 Then you need the Windows Performance Recorder which is tracking EVERYTHING on your system. Be aware this is searching a needle in the haystack as it produces GB's of binary logs!!!