Troubleshooting Group Policy
Beginning with Windows Vista SP1, the Group Policy engine no longer records information in the Userenv.log. Instead, you can find detailed logging of information concerning Group Policy issues by using the following methods:
- Use Event Viewer to view events in the Group Policy operational log for resolving issues relating to Group Policy processing on the computer.
- nable debug logging for the Group Policy Management Editor to generate a GpEdit.log for resolving issues relating to malformed ADMX files.
For additional information on how to troubleshoot Group Policy application issues for Windows 7 and Windows Vista SP1, see "Troubleshooting Group Policy Using Event Logs" at http://technet2.microsoft.com/WindowsVista/en/library/7e940882-33b7-43db-b097-f3752c84f67f1033.mspx?mfr=true.
To successfully troubleshoot Group Policy issues on Windows Vista and later versions, we recommend performing the following sequence of steps:
- Start with Administrative Events under Custom Views in Event Viewer. Identify any policy failures that occurred and then examine their descriptions, the Details tab, and the More Information link for these events.
- Open the Group Policy Operational log and obtain the activity ID from a failure event. Then use GPLogView.exe with the -a option to filter events for this activity ID and export the results as either HTML or XML for analysis and archiving.
- A nalyze the GPLogView.exe output to review step-by-step policy-processing scenario events to identify any failure point and error codes for possible future troubleshooting.
Using Event Viewer
The operational log for Group Policy processing on the computer can be found in Event Viewer under Applications And Service Logs\Microsoft\Windows\Group Policy\Operational.
This Group Policy Application channel within Event Viewer records each of the step-bystep policy-processing events that occurs as Group Policy is applied on the client. This logging channel is an administrator-friendly replacement for the Userenv.log used on previous versions of Windows for troubleshooting Group Policy processing. (The Userenv.log was challenging to parse on those platforms for Group Policy events because several other types of events could be recorded in the same log.) These Group Policy operational events can provide valuable troubleshooting information such as user name, GPO list, and policy-processing metrics, such as total processing time and individual extension processing time. In addition, a unique activity ID allows for the grouping of events that occur during each Group Policy processing cycle.
Note Only the Group Policy engine logs events in the System Event Log. Group Policy extension DLLs do not log events in this channel-they log their events in the Group Policy Operational Event Log.
Table below summarizes the different ranges of event IDs in the Group Policy Application channel and their meaning.
Event ID Ranges for the Group Policy Operational LogRange | Meaning |
4000-4299 | Scenario Start Events |
5000-5299 | Corresponding success scenario End Events (Scenario Start Event + 1000) |
5300-5999 | Informational Events |
6000-6299 | Corresponding warning scenario End Events (Scenario Start Event + 2000) |
6300-6999 | Warning Events (Corresponding Informational Event +1000) |
7000-7299 | Corresponding error scenario End Events (Scenario Start Event + 3000) |
7300-7999 | Error Events (Corresponding Informational Event +2000) |
8000-8999 | Policy scenario Success Events |
Note A dministrative events relating to Group Policy are still logged in the System Event Log as on older Windows platforms, except that the event source for these events is now Group Policy instead of USERENV. Another advantage beginning with Windows Vista is that Group Policy script-processing errors (the scripts deployed through the Group Policy script extension) are now logged through the same mechanism as the rest of the Group Policy errors.
For another way of categorizing these events, see the posting named Group Policy Troubleshooting - Helpful Event Log Categories on the Group Policy Team Blog at http://blogs.technet.com/grouppolicy/archive/2009/03/04/group-policy-troubleshootinghelpful-event-log-categories.aspx.
In this tutorial:
- Managing the Desktop Environment
- Understanding Group Policy in Windows 7
- Group Policy Before Windows Vista
- Group Policy in Windows Vista and Windows Server 2008
- New Group Policy Features in Windows 7 and Windows Server 2008 R2
- Group Policy Policy Settings in Windows 7
- Understanding ADMX Template Files
- Types of ADMX Template Files
- Local Storage of ADMX Template Files
- Considerations When Working with ADMX Template Files
- Understanding Multiple Local Group Policy
- MLGPOs and Group Policy Processing
- Managing Group Policy
- Adding ADMX Templates to the Store
- Creating and Managing GPOs
- Using Starter GPOs
- Creating and Managing GPOs Using the GPMC
- Creating and Managing GPOs Using Windows PowerShell
- Editing GPOs
- Configuring Policy Settings
- Configuring Preference Items
- Managing MLGPOs
- Migrating ADM Templates to ADMX Format
- Converting ADM Template Files to ADMX Format
- Creating and Editing Custom ADMX Template Files
- Configuring Group Policy Processing
- Using Advanced Group Policy Management
- Troubleshooting Group Policy
- Enabling Debug Logging
- Using Group Policy Log View
- Using GPResult