Although the bulk of Group Policy Processing and Troubleshooting is handled by our Directory Services team, we often collaborate on these issues – mainly when the issue relates to a user logging in and not being presented with their desktop environment as they would expect. Instead they are simply presented with a blank background (usually blue!) with no icons. It’s not the dreaded "Blue Screen of Death" – it’s a blue screen of, well … nothing. Usually we will troubleshoot this by turning on debug logging for Group Policies to capture a Userenv.log to figure out if the basic shell (explorer.exe) is even being called.
However, in Windows Vista, the Group Policy engine no longer records information in the userenv.log. Instead, detailed logging of Group Policies can be located using Event Viewer. The log for group policy processing can be found in the Event Viewer under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational – a sample is shown below.
As you can see, each of the policy processing events that occur on the client are logged in this event viewer channel. This is an administrator-friendly replacement for the userenv.log. When looking at these events in the event viewer, there are some event ranges to be aware of:
|4000 – 4299||Scenario Start Events|
|5000 – 5299||Corresponding Success Scenario End Events (scenario start event + 1000)|
|5300 – 5999||Informational Events|
|6000 – 6299||Corresponding Warning Scenario End Events (scenario start event + 2000)|
|6300 – 6999||Warning Events (Corresponding Informational Event + 1000)|
|7000 – 7299||Corresponding Error Scenario End Events (Scenario Start Event + 3000)|
|7300 – 7999||Error Events (Corresponding Informational Event + 2000)|
|8000 – 8999||Policy Scenario Success Events|
Administrative events relating to Group Policy are still logged in the System Event Log, similar to pre-Windows Vista platforms. The difference is that the event source for the event is now Group Policy instead of USERENV. In Windows Vista, the Group Policy script processing errors are also now logged through the same mechanism as the rest of the Group Policy errors.
And that brings us to the end of this quick post on Group Policy Logging on Windows Vista. Until next time …
- Microsoft KB 221833: How to enable user environment debug logging in retail builds of Windows
- Technet: Enabling Logging for Group Policy Editor (use to capture when Group Policy Object Editing Task causes errors)
- Technet: Fixing Group Policy problems by using Log Files
- Technet: Troubleshooting Group Policy Using Event Logs