GPOMG!
Group Policy driving you crazy? Here are some advanced troubleshooting tools (beyond RSOP, GPRESULT, etc.) that may be helpful. For first level troubleshooting, check out this link:
http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx
EVENT VIEWER (NEW & IMPROVED!)
Event viewer in Windows 7 has more detail about Group Policy. Start your event viewer (may need to run as an admin. account). Navigate to:
Applications and Services Logs>Microsoft>Windows>GroupPolicy>Operational
Here you will find events that are related to Group Policy processing. You can determine how long it takes to run the various pieces of your particular GP as well as diagnostic information that can be very helpful when trying to figure out what is happening with GP.
http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx
- Events 4016 and 5016 show the start and end of processing of groups of policies, including how long it took to apply each one in the end event.
- Event 5312 shows policies that will be applied, and 5317 shows policies that are explicitly filtered out.
- Events 8000 and 8001 respectively show the total processing time for computer boot and user boot GP processing, and 8006 and 8007 show the same for interim/periodic GP processing.
GPLOGVIEW TOOL
A similar tool is called GPLOGVIEW. You must run this from the elevated command prompt. It will produce a XML, HTML, or simple text file of the GP events for export and review. You can even do a live monitor while you run GPUPDATE /force.
http://technet.microsoft.com/en-us/magazine/dd315424.aspx
GPSVR/GPSVC LOG FILE
If the normal tricks above don’t provide you with enough information, this should do it! There is a service called GPSVR that gives you everything you ever wanted to know about Group Policy running on your workstation. Here is how to get more information from the GPSVR service in Windows 2008/Visa/Win 7.
Step 1: Enable logging in the Gpsvc.log file. To enable logging in the Gpsvc.log file, follow these steps:
Click Start, click Run, type regedit, and then click OK (might want to backup your registry first).
- Make sure that you have the folder %windir%\debug\usermode, if the usermode folder is not there, then manually create it.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
- On the Edit menu, point to New, and then click Key.
- Type Diagnostics, and then press ENTER.
- Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
- Type GPSvcDebugLevel, and then press ENTER.
- Right-click GPSvcDebugLevel, and then click Modify.
- In the Value data box, type 30002 (as hex), and then click OK.
- Exit Registry Editor.
- Reboot machine.
- At a command prompt, type the following command, and then press ENTER: gpupdate /force
- You will find the Gpsvc.log file in the following folder: %windir%\debug\usermode
Step 2: I use Notepad ++ to analyze this log file. It can help you troubleshoot, step, by step what GP is doing as your workstation/user is getting logged in. Timing, access/permission issues, SID information and more are all included in this log file.
Step 3: When you are done, change the value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics|GPSvcDebugLevel to 0x00000000 to disable the debug log or else it will continue to grow.
Charlie Newman