Windows 7 / Getting Started

Troubleshooting Group Policy

Beginning with Windows Vista SP1, the Group Policy engine no longer records information in the Userenv.log. Instead, you can find detailed logging of information concerning Group Policy issues by using the following methods:

  • Use Event Viewer to view events in the Group Policy operational log for resolving issues relating to Group Policy processing on the computer.
  • nable debug logging for the Group Policy Management Editor to generate a GpEdit.log for resolving issues relating to malformed ADMX files.

For additional information on how to troubleshoot Group Policy application issues for Windows 7 and Windows Vista SP1, see "Troubleshooting Group Policy Using Event Logs" at http://technet2.microsoft.com/WindowsVista/en/library/7e940882-33b7-43db-b097-f3752c84f67f1033.mspx?mfr=true.

To successfully troubleshoot Group Policy issues on Windows Vista and later versions, we recommend performing the following sequence of steps:

  1. Start with Administrative Events under Custom Views in Event Viewer. Identify any policy failures that occurred and then examine their descriptions, the Details tab, and the More Information link for these events.
  2. Open the Group Policy Operational log and obtain the activity ID from a failure event. Then use GPLogView.exe with the -a option to filter events for this activity ID and export the results as either HTML or XML for analysis and archiving.
  3. A nalyze the GPLogView.exe output to review step-by-step policy-processing scenario events to identify any failure point and error codes for possible future troubleshooting.

Using Event Viewer

The operational log for Group Policy processing on the computer can be found in Event Viewer under Applications And Service Logs\Microsoft\Windows\Group Policy\Operational.

This Group Policy Application channel within Event Viewer records each of the step-bystep policy-processing events that occurs as Group Policy is applied on the client. This logging channel is an administrator-friendly replacement for the Userenv.log used on previous versions of Windows for troubleshooting Group Policy processing. (The Userenv.log was challenging to parse on those platforms for Group Policy events because several other types of events could be recorded in the same log.) These Group Policy operational events can provide valuable troubleshooting information such as user name, GPO list, and policy-processing metrics, such as total processing time and individual extension processing time. In addition, a unique activity ID allows for the grouping of events that occur during each Group Policy processing cycle.

Note Only the Group Policy engine logs events in the System Event Log. Group Policy extension DLLs do not log events in this channel-they log their events in the Group Policy Operational Event Log.

Table below summarizes the different ranges of event IDs in the Group Policy Application channel and their meaning.

Event ID Ranges for the Group Policy Operational Log
RangeMeaning
4000-4299Scenario Start Events
5000-5299Corresponding success scenario End Events (Scenario Start Event + 1000)
5300-5999Informational Events
6000-6299Corresponding warning scenario End Events (Scenario Start Event + 2000)
6300-6999Warning Events (Corresponding Informational Event +1000)
7000-7299Corresponding error scenario End Events (Scenario Start Event + 3000)
7300-7999Error Events (Corresponding Informational Event +2000)
8000-8999Policy scenario Success Events

Note A dministrative events relating to Group Policy are still logged in the System Event Log as on older Windows platforms, except that the event source for these events is now Group Policy instead of USERENV. Another advantage beginning with Windows Vista is that Group Policy script-processing errors (the scripts deployed through the Group Policy script extension) are now logged through the same mechanism as the rest of the Group Policy errors.

For another way of categorizing these events, see the posting named Group Policy Troubleshooting - Helpful Event Log Categories on the Group Policy Team Blog at http://blogs.technet.com/grouppolicy/archive/2009/03/04/group-policy-troubleshootinghelpful-event-log-categories.aspx.

[Previous] [Contents] [Next]