Diagnostic logging of Group Policy operations and/or software installation operations can be enabled by setting registry values on each workstation where logging is to take place. There are two ways to do this. The first is by using regedit, and the second is by creating a Group Policy Object.
The local registry values that affect Group Policy and software installation logging are:
The following registry setting enables verbose logging of GPO processing to the computer's Application Event Log. Note that in Win2K these events show up as Informational events, while in XP, they appear as Error events.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
RunDiagnosticLoggingGroupPolicy DWORD 1
The following registry settings log GPO processing to the file C:\Windows\Debug\UserMode\userenv.log. Note that the modes of logging presented here are just a few of the options. For more information, see http://support.microsoft.com/kb/221833.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
No Logging: UserEnvDebugLevel DWORD 0
Normal Logging: UserEnvDebugLevel DWORD 0x10001
Verbose Logging: UserEnvDebugLevel DWORD 0x10002
The following registry setting logs software installation and upgrade decisions made by the Group Policy engine to the file C:\Windows\Debug\UserMode\appmgmt.log.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
AppmgmtDebugLevel DWORD 0x9B
The following registry settings log all Windows Installer actions. Group Policy initiated software installation is logged to files named %windir%\temp\MSI*.log, and user initiated software installation is logged to files named %temp%\MSI*.log
HKLM\Software\Policies\Microsoft\Windows\Installer
Logging STRING voicewarmup
Debug DWORD 0x3
For more information on diagnostic logging for Group Polcy, see http://technet.microsoft.com/en-us/library/cc775423.aspx.
Logging options can be set by creating and applying a Group Policy Object, as follows:
Note that because these settings are not “fully managed”, they will not be removed from the target computers' registries when the GPO is deleted or unlinked. To change the settings back using Group Policy, you must explicitly change the setting options to “Enabled” and the values to unchecked or “no logging”, etc. For settings that do not allow you to select a value, change the setting option to “Disabled”. Note that selecting “Not Configured” leaves the value in the target computer's registry unchanged.
Do not confuse this behavior with settings that are “fully managed”. With these settings, deleting the GPO, unlinking it or changing a setting to “Not Configured” removes the setting value from the registry of the target computers, causing the state to revert to its default value.