Set Logging via Group Policy

Logging options can be set by creating and applying a Group Policy Object, as follows:

1. Download the file gpolog.zip from http://www.gpoguy.com/gpolog.htm.
2. This zip file contains one adm file, gpolog.adm. Extract and install this adm file.
3. Create a new Group Policy Object and open the Group Policy Editor.
4. In the tree view, under “Computer Configuration”, click “Administrative Templates”.
5. At the upper menu bar, click “View”, then “Filtering...”, then uncheck the option “Only show policy settings that can be fully managed” and click “OK”.
6. Under “Computer Configuration”, “Administrative Templates”, right-click on “Administrative Templates” and select “Add/Remove Templates...”. In the Add/Remove dialog, add the file gpolog.adm.
7. Under “Computer Configuration”, “Administrative Templates”, select “System”, “Group Policy”, “Logging”. A number of options related to Group Policy logging should appear in the view pane on the right.
8. After choosing the desired options, close Group Policy Editor.
9. Using the Group Policy Management console, link this Group Policy Object to your domain, or to the computer(s) you wish to troubleshoot.

Note that because these settings are not “fully managed”, they will not be removed from the target computers' registries when the GPO is deleted or unlinked. To change the settings back using Group Policy, you must explicitly change the setting options to “Enabled” and the values to unchecked or “no logging”, etc. For settings that do not allow you to select a value, change the setting option to “Disabled”. Note that selecting “Not Configured” leaves the value in the target computer's registry unchanged.

Do not confuse this behavior with settings that are “fully managed”. With these settings, deleting the GPO, unlinking it or changing a setting to “Not Configured” removes the setting value from the registry of the target computers, causing the state to revert to its default value.