Useful Tips for Troubleshooting Group Policies

I have been spending some time up with our GTSC support department here in the U.K. and it has been fascinating. These guys and girls really rock and know their stuff! While I was there, one of the engineers, Kam Patel, gave me some really great insight on how Group Policies work, function and are troubleshot. A useful tip which I think you may find of interest is:

1. Switch on Userenv logging as follows:

Create or edit the UserEnvDebugLevel entry under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry key. Setting it to 10002 (Hex) results in verbose logging. This gives you very detailed information but also significantly increases the size of Userenv.log, so its main use is for troubleshooting. To switch it back to the default, either delete the UserEnvDebugLevel entry or set it to 10001 (Hex). To disable it completely, set its value to 0.

The related KB article is:

How to enable user environment debug logging in retail builds of Windows
https://support.microsoft.com/kb/221833

The resulting log file gives you excellent, detailed information for troubleshooting your Group Policy or user profile problems. However, this log file wraps around after about 1.5 MB of data has been written, and a Userenv.bak log file is created. Sometimes you will see that the Userenv log file is much larger. This just means that the machine has not processed any group policies, e.g. at boot-up of the machine, during a logon/logoff process, or after a Gpupdate /Force. A good tip, if you are troubleshooting an environment such as a Terminal Server environment with multiple logon events happening and wish to track all the events without losing them to wrap-arounds of the log, is to make the Userenv.bak file read-only. This stops the Userenv.log file from wrapping around, so it captures all the relevant events for you to troubleshoot.

BTW - this log file is stored in the following location:

%Systemroot%\Debug\UserMode\Userenv.log
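
The steps above as a PowerShell script, added here as an example and not part of the original post. The function names are hypothetical; the registry entry, values and file paths are the ones given in the post, and the script assumes an elevated prompt.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$WinlogonKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$LogDir      = Join-Path $env:SystemRoot 'Debug\UserMode'
$LogFile     = Join-Path $LogDir 'Userenv.log'
$BakFile     = Join-Path $LogDir 'Userenv.bak'

function Start-UserenvCapture {
    # 0x10002 is the verbose level described in the post.
    New-ItemProperty -Path $WinlogonKey -Name 'UserEnvDebugLevel' `
        -PropertyType DWord -Value 0x10002 -Force | Out-Null

    # A read-only Userenv.bak stops Userenv.log from wrapping around.
    if (Test-Path $BakFile) {
        Set-ItemProperty -Path $BakFile -Name IsReadOnly -Value $true
    } else {
        Write-Warning "$BakFile not found; Userenv.log can still wrap."
    }
}

function Stop-UserenvCapture {
    # Clear the read-only flag first so the log stops growing without bound.
    if (Test-Path $BakFile) {
        Set-ItemProperty -Path $BakFile -Name IsReadOnly -Value $false
    }
    # Deleting the entry switches logging back to the default level.
    Remove-ItemProperty -Path $WinlogonKey -Name 'UserEnvDebugLevel' `
        -ErrorAction SilentlyContinue
}

function Get-UserenvCaptureState {
    # Report the current level, the .bak flag and the log size in one object.
    $entry = Get-ItemProperty -Path $WinlogonKey -Name 'UserEnvDebugLevel' `
        -ErrorAction SilentlyContinue
    $level = if ($entry) { '0x{0:X}' -f $entry.UserEnvDebugLevel } else { 'not set (default)' }
    $bakRO = if (Test-Path $BakFile) { (Get-Item $BakFile).IsReadOnly } else { $null }
    $logKB = if (Test-Path $LogFile) { [math]::Round((Get-Item $LogFile).Length / 1KB) } else { 0 }

    New-Object PSObject -Property @{
        UserEnvDebugLevel = $level
        BakReadOnly       = $bakRO
        LogSizeKB         = $logKB
    }
}

# Typical session:
#   Start-UserenvCapture      # then reproduce the logon / gpupdate /force problem
#   Get-UserenvCaptureState   # confirm the level and watch the log size
#   Stop-UserenvCapture       # always revert once the events are captured
```

Because the read-only Userenv.bak removes the size limit on Userenv.log, run `Stop-UserenvCapture` as soon as the relevant events are captured, especially on a busy Terminal Server.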