15.4. Enabling GPO Client Logging
Problem
You want to troubleshoot GPO processing issues on a client or server by enabling additional logging in the Application event log.
Solution
Using a graphical user interface
Run
regedit.exefrom the command line or Start → Run.In the left pane, expand HKEY_LOCAL_MACHINE → Software → Microsoft → Windows NT → CurrentVersion.
If the Diagnostics key doesn’t exist, right-click on CurrentVersion and select New → Key. Enter Diagnostics for the name and hit enter.
Right-click on Diagnostics and select New → DWORD value. Enter RunDiagnosticLoggingGroupPolicy for the value name.
In the right pane, double-click on RunDiagnosticLoggingGroupPolicy and enter 1.
Click OK.
Using a command-line interface
> reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics" /v[RETURN]
"RunDiagnosticLoggingGroupPolicy" /t REG_DWORD /d 1Using VBScript
' This code enables GPO logging on a target computer
' ------ SCRIPT CONFIGURATION ------
strComputer = "<ComputerName>" ' e.g. rallen-w2k3
' ------ END CONFIGURATION ---------
const HKLM = &H80000002
strRegKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strComputer _
& "\root\default:StdRegProv")
objReg.SetDwordValue HKLM, strRegKey, "RunDiagnosticLoggingGroupPolicy", 1
WScript.Echo "Enabled GPO logging for " & strComputerDiscussion
If you experience problems with client GPO processing, such as a GPO not getting applied even though you think it should, there aren’t ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access