Another Tool to add to your Group Policy Vista Troubleshooting Kit

I have been writing quite a bit about Group Policy recently, because I have been working with some colleagues on material for a new Group Policy course that will hopefully be available soon to Premier customers. One of the tools that I came across in my research was GPLogView.

Group Policy Log Viewer (GPLOGVIEW)

Group Policy Log Viewer (GPLOGVIEW) is a tool that lets you see exactly what is happening when Group Policy is processed. It was released for the Windows Vista operating system and is run from the command line. It is available for download from Microsoft's web site:

https://www.microsoft.com/downloads/details.aspx?FamilyID=bcfb1955-ca1d-4f00-9cff-6f541bad4563&DisplayLang=en#Instructions

This tool is very simple to use and has minimal overhead to run. The prerequisites for installation are:

Supported Operating Systems: Windows Vista

  • Must be installed with local administrative privileges.
  • Must be run from an elevated command prompt.

If you run GPLOGVIEW.EXE -? from the command line, you will get a list of all the possible command-line options. The one I found pretty useful to compare with Userenv.log was the option below. Kevin Sullivan blogged about it last year: https://blogs.technet.com/grouppolicy/archive/2007/02/08/gplogview.aspx

Monitor Mode

One option that is very useful is 'monitor mode'. Running the tool with the -m switch lets you watch what is actually processed when you run GPUpdate from the command line of the computer.

The output that this produces can be quite lengthy and in depth, depending on the number of Group Policies that are being processed. The output can be redirected to a text file by typing the following command:

GPLOGVIEW -M >>GPLOGVIEW.TXT

See below for an example of the output from the above command. The output is in an easy-to-read format that lets you identify exactly which Group Policies are being processed by the Vista machine, which facilitates your troubleshooting. It is more readable than a Userenv.log file and pinpoints the exact time and date of each action in the processing of a Group Policy from start to finish.

(Beginning of Log)

Running in Monitor Mode.

SUCCESS: Subscribing to all Events from System Channel...

SUCCESS: Subscribing to all Events from Microsoft-Windows-GroupPolicy/Operational Channel...

2008-03-25 14:09:19.688 4005 4e200110-5003-4842-93c1-0555b457227b Starting manual processing of policy for user contoso\bbloggs

Activity id: {4E200110-5003-4842-93C1-0555B457227B}

2008-03-25 14:09:19.688 4004 351dd5a9-9ba9-4ed0-93d8-5bd149495daa Starting manual processing of policy for computer Contoso\COMPUTER1MK2$.

Activity id: {351DD5A9-9BA9-4ED0-93D8-5BD149495DAA}

2008-03-25 14:09:19.688 5320 4e200110-5003-4842-93c1-0555b457227b Attempting to retrieve the account information.

2008-03-25 14:09:19.688 4017 4e200110-5003-4842-93c1-0555b457227b Making system call to get account information.

2008-03-25 14:09:19.688 5017 4e200110-5003-4842-93c1-0555b457227b The system call to get account information completed.

CN=belinda Blogs,OU=UserAccounts,DC=contos,DC=Com

The call completed in 0 milliseconds.

2008-03-25 14:09:19.688 5320 4e200110-5003-4842-93c1-0555b457227b Retrieved account information.

(Further into body of Log)

2008-03-25 14:09:28.460 5312 351dd5a9-9ba9-4ed0-93d8-5bd149495daa List of applicable Group Policy objects:

Local Group Policy

WW-Default Account Policy-IdM

WW-SCCMSettings-Napcomm

WW-NAPClientSettings-IdM

WW-DisableICSNB-IdM

WW-SMSLogonRightsDSK-IdM

WW-EFS Recovery Policy-IdM

2008-03-25 14:09:28.462 5313 351dd5a9-9ba9-4ed0-93d8-5bd149495daa The following Group Policy objects were not applicable because they were filtered out :

Disabled (GPO)

WW-Longhorn NetConn Settings-IdM

Denied (WMI Filter)

WW-BinaryDocSettings-IdM

Disabled (GPO)

WW-O12ConvSettings-IdM

Disabled (GPO)

WW-DwnWFWO12Settings-IdM

Denied (WMI Filter)

2008-03-25 14:09:29.694 5327 4e200110-5003-4842-93c1-0555b457227b Estimated network bandwidth on one of the connections: 0 kbps.

2008-03-25 14:09:29.694 5314 4e200110-5003-4842-93c1-0555b457227b A fast link was detected. The Estimated bandwidth is 11106 kbps. The slow link threshold is 500 kbps

As you can see, this gives a nice, easy-to-read format that lets you follow Group Policy processing from the client.
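Once the monitor output has been saved to GPLOGVIEW.TXT, it can be grouped by activity ID so that the user and computer passes are read separately. The Python script below is an added example, not part of the original post or of GPLogView: the line layout and event ID 5312 are taken from the sample output above, the embedded sample is an excerpt of it, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout seen in the sample output: timestamp, event ID, activity GUID, message.
EVENT_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (\d+) "
    r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}) (.*)$")

# Excerpt of the sample output shown in this post (blank lines removed).
SAMPLE = r"""
Running in Monitor Mode.
2008-03-25 14:09:19.688 4005 4e200110-5003-4842-93c1-0555b457227b Starting manual processing of policy for user contoso\bbloggs
Activity id: {4E200110-5003-4842-93C1-0555B457227B}
2008-03-25 14:09:19.688 4004 351dd5a9-9ba9-4ed0-93d8-5bd149495daa Starting manual processing of policy for computer Contoso\COMPUTER1MK2$.
2008-03-25 14:09:28.460 5312 351dd5a9-9ba9-4ed0-93d8-5bd149495daa List of applicable Group Policy objects:
Local Group Policy
WW-Default Account Policy-IdM
2008-03-25 14:09:29.694 5314 4e200110-5003-4842-93c1-0555b457227b A fast link was detected. The Estimated bandwidth is 11106 kbps. The slow link threshold is 500 kbps
"""

def parse_events(text):
    """Parse event lines; any other line is attached to the event before it."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = EVENT_RE.match(line)
        if m:
            ts, event_id, activity, message = m.groups()
            events.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"),
                           "id": int(event_id), "activity": activity.lower(),
                           "message": message, "details": []})
        elif line and events and not line.startswith("Activity id:"):
            events[-1]["details"].append(line)  # e.g. GPO names after event 5312
    return events

def summarize(events):
    """Per activity ID: first message, elapsed seconds, GPOs listed by event 5312."""
    by_activity = defaultdict(list)
    for e in events:
        by_activity[e["activity"]].append(e)
    return {a: {"first": evs[0]["message"],
                "seconds": (evs[-1]["time"] - evs[0]["time"]).total_seconds(),
                "applicable": [d for e in evs if e["id"] == 5312 for d in e["details"]]}
            for a, evs in by_activity.items()}

if __name__ == "__main__":
    for activity, info in summarize(parse_events(SAMPLE)).items():
        print(activity, f"{info['seconds']:.3f}s", info["applicable"])
```

To run it against a real capture, pass the contents of GPLOGVIEW.TXT to parse_events in place of SAMPLE.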