15.4. Enabling GPO Client Logging
Problem
You want to troubleshoot GPO processing issues on a client or server by enabling additional logging in the Application event log.
Solution
Using a graphical user interface
Run
regedit.exe
from the command line or Start → Run.In the left pane, expand HKEY_LOCAL_MACHINE → Software → Microsoft → Windows NT → CurrentVersion.
If the Diagnostics key doesn’t exist, right-click on CurrentVersion and select New → Key. Enter Diagnostics for the name and hit enter.
Right-click on Diagnostics and select New → DWORD value. Enter RunDiagnosticLoggingGroupPolicy for the value name.
In the right pane, double-click on RunDiagnosticLoggingGroupPolicy and enter 1.
Click OK.
Using a command-line interface
> reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics" /v[RETURN]
"RunDiagnosticLoggingGroupPolicy" /t REG_DWORD /d 1
Using VBScript
' This code enables GPO logging on a target computer
' ------ SCRIPT CONFIGURATION ------
strComputer = "<ComputerName
>" ' e.g. rallen-w2k3
' ------ END CONFIGURATION ---------
const HKLM = &H80000002
strRegKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strComputer _
& "\root\default:StdRegProv")
objReg.SetDwordValue HKLM, strRegKey, "RunDiagnosticLoggingGroupPolicy", 1
WScript.Echo "Enabled GPO logging for " & strComputer
Discussion
If you experience problems with client GPO processing, such as a GPO not getting applied even though you think it should, there aren’t ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.