GPLogView

  • Article

Hey everyone!

If you haven't seen it you need to check it out (GPLogView). This tool is very cool and can really help you drill down into what is happening with Group Policy. It is simple to get up and running and simple to operate. It is primarily used to export Group Policy related events from the system and operational logs into HTML and XML. But there are some other hidden gems in here.

Group Policy has come a very long way in event reporting in Windows Vista which really increases your ability to more efficiently work with the system. The whole eventing system in Vista has been enhanced which is great, but the GPLogView tool gives you targeted information in an easy to read report quick and easy.

The options available from GPLogView are;

***************

Usage: GPLogView.exe [options]
        where supported options are
        -?: shows this usage message
        -o [output file name]: Output file name required for text, xml or html;
            not valid if -m if specified
        -n: do not output the activity id
        -p: dump the process id and thread id associated with each event
        -a [activity id guid]: shows only events matching the given activity id
        -aa: show start events and activity IDs for the whole log (cannot use with -m)
        -m: runs the tool in monitor mode displaying events in real time
        -x: Dumps the event in XML, the only other options allowed with this option is -m and -a
            but not both together
        -h: Dumps the events in HTML format, -m or -x option is not allowed,
            -a and -n are allowed but not both together. Also must specify -o option
        -i [EVTX file]: Use specified input file instead of the live logs.

        Example: GPLogView.exe -o GPEvents.txt
        Example: GPLogView.exe -n -o GPEvents.txt
        Example: GPLogView.exe -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.txt
        Example: GPLogView.exe -i savedlog.evtx -o GPEvents.txt
        Example: GPLogView.exe -x -o GPEvents.xml
        Example: GPLogView.exe -x -m
        Example: GPLogView.exe -x -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.xml
        Example: GPLogView.exe -h -o GPEvents.html
        Example: GPLogView.exe -h -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.html

*****************

One option that I found very interesting is 'monitor mode'. This allows me to run the tool with the -m switch and watch what goes on when you run GPUpdate. I love anything out there that makes my troubleshooting easier! Try it and see what you think.

Best,

Kevin Sullivan
Lead Program Manager
Group Policy