Set Logging via Local Registry

The local registry values that affect Group Policy and software installation logging are:

GPO Logging to the Event Log

The following registry setting enables verbose logging of GPO processing to the computer's Application Event Log. Note that in Win2K these events show up as Informational events, while in XP, they appear as Error events.


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
RunDiagnosticLoggingGroupPolicy DWORD 1


GPO Logging to userenv.log

The following registry settings log GPO processing to the file C:\Windows\Debug\UserMode\userenv.log. Note that the modes of logging presented here are just a few of the options. For more information, see http://support.microsoft.com/kb/221833.


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
No Logging: UserEnvDebugLevel DWORD 0
Normal Logging: UserEnvDebugLevel DWORD 0x10001
Verbose Logging: UserEnvDebugLevel DWORD 0x10002


Software Deployment Logging

The following registry setting logs software installation and upgrade decisions made by the Group Policy engine to the file C:\Windows\Debug\UserMode\appmgmt.log.


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
AppmgmtDebugLevel DWORD 0x9B


Software Installation Logging

The following registry settings log all Windows Installer actions. Group Policy initiated software installation is logged to files named %windir%\temp\MSI*.log, and user initiated software installation is logged to files named %temp%\MSI*.log


HKLM\Software\Policies\Microsoft\Windows\Installer
Logging STRING voicewarmup
Debug DWORD 0x3


More Information

For more information on diagnostic logging for Group Polcy, see http://technet.microsoft.com/en-us/library/cc775423.aspx.

Set Logging via Group Policy

Logging options can be set by creating and applying a Group Policy Object, as follows:

1. Download the file gpolog.zip from http://www.gpoguy.com/Free-GPOGuy-Tools.aspx.
2. This zip file contains one adm file, gpolog.adm. Extract and install this adm file.
3. Create a new Group Policy Object and open the Group Policy Editor.
4. In the tree view, under “Computer Configuration”, click “Administrative Templates”.
5. At the upper menu bar, click “View”, then “Filtering...”, then uncheck the option “Only show policy settings that can be fully managed” and click “OK”.
6. Under “Computer Configuration”, “Administrative Templates”, right-click on “Administrative Templates” and select “Add/Remove Templates...”. In the Add/Remove dialog, add the file gpolog.adm.
7. Under “Computer Configuration”, “Administrative Templates”, select “System”, “Group Policy”, “Logging”. A number of options related to Group Policy logging should appear in the view pane on the right.
8. After choosing the desired options, close Group Policy Editor.
9. Using the Group Policy Management console, link this Group Policy Object to your domain, or to the computer(s) you wish to troubleshoot.

Note that because these settings are not “fully managed”, they will not be removed from the target computers' registries when the GPO is deleted or unlinked. To change the settings back using Group Policy, you must explicitly change the setting options to “Enabled” and the values to unchecked or “no logging”, etc. For settings that do not allow you to select a value, change the setting option to “Disabled”. Note that selecting “Not Configured” leaves the value in the target computer's registry unchanged.

Do not confuse this behavior with settings that are “fully managed”. With these settings, deleting the GPO, unlinking it or changing a setting to “Not Configured” removes the setting value from the registry of the target computers, causing the state to revert to its default value.