Diagnostic logging of Group Policy operations, software installation operations, or both can be enabled by setting registry values on each workstation where logging is to take place. There are two ways to do this: by using regedit, or by creating a Group Policy Object.
The local registry values that affect Group Policy and software installation logging are:
The following registry setting enables verbose logging of GPO processing to the computer's Application Event Log. Note that in Win2K these events show up as Informational events, while in XP, they appear as Error events.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
RunDiagnosticLoggingGroupPolicy REG_DWORD 1
The following registry settings log GPO processing to the file C:\Windows\Debug\UserMode\userenv.log. Note that the modes of logging presented here are just a few of the options. For more information, see http://support.microsoft.com/kb/221833.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
No Logging: UserEnvDebugLevel REG_DWORD 0
Normal Logging: UserEnvDebugLevel REG_DWORD 0x10001
Verbose Logging: UserEnvDebugLevel REG_DWORD 0x10002
The following registry setting logs all activity related to software installation to the file C:\Windows\Debug\UserMode\appmgmt.log.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
AppmgmtDebugLevel REG_DWORD 0x9B
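Added example (not part of the original page): a PowerShell function that applies the three registry values listed above and reports each value's previous data so it can be restored later. It assumes an elevated session and picks Verbose for UserEnvDebugLevel; the function and variable names are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell session on the workstation.
$Diag     = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics'
$Winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Key, value name and DWORD data as listed on this page.
$LoggingSettings = @(
    @{ Path = $Diag;     Name = 'RunDiagnosticLoggingGroupPolicy'; Value = 1 },
    @{ Path = $Winlogon; Name = 'UserEnvDebugLevel';               Value = 0x10002 },  # Verbose
    @{ Path = $Diag;     Name = 'AppmgmtDebugLevel';               Value = 0x9B }
)

# Hypothetical helper name; supports -WhatIf to preview changes.
function Set-GpDiagnosticLogging {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][hashtable[]]$Settings)

    foreach ($s in $Settings) {
        $target = '{0}\{1}' -f $s.Path, $s.Name

        # Create the key first if it is missing.
        if (-not (Test-Path -LiteralPath $s.Path) -and
            $PSCmdlet.ShouldProcess($s.Path, 'Create registry key')) {
            New-Item -Path $s.Path -Force | Out-Null
        }

        # Record the existing data (null if the value is absent).
        $old = (Get-ItemProperty -LiteralPath $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)

        if ($PSCmdlet.ShouldProcess($target, ('Set REG_DWORD 0x{0:X}' -f $s.Value))) {
            New-ItemProperty -LiteralPath $s.Path -Name $s.Name -PropertyType DWord -Value $s.Value -Force | Out-Null
        }

        # Read the value back so the report shows what is actually in the registry.
        $new = (Get-ItemProperty -LiteralPath $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        New-Object PSObject -Property @{ Value = $target; Previous = $old; Current = $new }
    }
}

Set-GpDiagnosticLogging -Settings $LoggingSettings | Format-Table Value, Previous, Current -AutoSize
```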
Logging options can be set by creating and applying a Group Policy Object, as follows:
Note that because these settings are not “fully managed”, they will not be removed from the target computers' registries when the GPO is deleted or unlinked. To change the settings back using Group Policy, you must explicitly change the setting options to “Enabled” and the values to unchecked or “no logging”, etc. For settings that do not allow you to select a value, change the setting option to “Disabled”. Note that selecting “Not Configured” leaves the value in the target computer's registry unchanged.
Do not confuse this behavior with settings that are “fully managed”. With these settings, deleting the GPO, unlinking it or changing a setting to “Not Configured” removes the setting value from the registry of the target computers, causing the state to revert to its default value.
There are additional options for detailed logging of Windows Installer operations that can be set via the local registry or via Group Policy. For more information, see http://support.microsoft.com/kb/314852.