Group Policy Logging on Vista/Windows 7,8,10

group_policy_failedAt the end of “Our roaming profiles aren’t being saved …”, I wrote that

For Windows Vista and later, the log information is stored in the Event Log.  Under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational.  Further information of this can be found in this Microsoft Technet post, Group Policy Logging on Windows Vista

Well it is in the event log, but there is another .log file.  You can enable the Group Policy Client Service (GPSVC) log file.  It seems to solely provide information about what Group Policy settings are being applied.

GPSVC(1278.1dfc) 15:09:59:476 DebugPrintGPOList2: Options: 2, GPOName: {31B2F340-016D-11D2-945F-4FB98400C0F9} DisplayName: Default Domain Policy
GPSVC(1278.1dfc) 15:09:59:483 PrintGPWMIInfo: WMIInfo: GPOName:{15A0E08F-4917-F60B-8358-8B78E802A8B7}, QueryId:{81430147-9924-9351-456D-2329BF3F317F}, NameSpace:noddyland.inside
GPSVC(1278.1dfc) 15:09:59:483 PrintGPWMIInfo: WMIInfo: bFilterAllowed: TRUE, Rules:1;3;10;108;WQL;root\CIMv2;select * from Win32_OperatingSystem where (Version like "5.1%" or Version like "5.2%") and ProductType = "1";
GPSVC(1278.1dfc) 15:09:59:484 GetFgPolicySettingImpl (bSync: 1)
GPSVC(1278.1dfc) 15:09:59:485 SaveGPOsToLocalCache(Machine): Server SKU runs in sync mode, skip cache operations.
GPSVC(1278.1dfc) 15:09:59:486 GetGPOInfo: Get 5 GPOs to after filtering.
GPSVC(1278.1dfc) 15:09:59:486 DebugPrintGPOList2: Options: 0, GPOName: Local Group Policy DisplayName: Local Group Policy
GPSVC(1278.1dfc) 15:09:59:487 DebugPrintGPOList2: Options: 0, GPOName: {55DD0EE9-4A06-4707-940B-5482CB34C9EF} DisplayName: Domain Policy - Log files
GPSVC(1278.1dfc) 15:09:59:488 DebugPrintGPOList2: Options: 0, GPOName: {02263A92-9FC5-4B95-B9C0-127ECC8A6C32} DisplayName: COMPUTEROBJECT-Desktops-Everyone
GPSVC(1278.1dfc) 15:09:59:493 DebugPrintGPOList2: Options: 0, GPOName: {E1692B3D-D2DA-4DA6-8683-2663C08C6F69} DisplayName: COMPUTERUSER-User Base settings
GPSVC(1278.1dfc) 15:09:59:494 DebugPrintGPOList2: Options: 2, GPOName: {3140B2F3-016D-11D2-945F-00CFB98044F9} DisplayName: Default Domain Policy
GPSVC(1278.1dfc) 15:09:59:494 GetGPOInfo:  Leaving with 1
GPSVC(1278.1dfc) 15:09:59:495 GetGPOInfo:  ********************************
GPSVC(1278.1dfc) 15:09:59:496 ProcessGPOs(Machine): Get 5 GPOs to process.
GPSVC(1278.1dfc) 15:09:59:496 ReadExtStatus: Reading Previous Status for extension {3378E5AC-683F-11D2-A89A-04FBB00CCFA2}

To enable the log file:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
  3. On the Edit menu, point to New, and then click Key.
  4. Type Diagnostics, and then press ENTER.
  5. Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
  6. Type GPSvcDebugLevel, and then press ENTER.
  7. Right-click GPSvcDebugLevel, and then click Modify.
  8. In the Value data box, type 0x30002, and then click OK.
  9. Exit Registry Editor.
  10. At a command prompt, type the following command, and then press ENTER:
    gpupdate /force
  11. View the Gpsvc.log file in the following folder:
    %windir%\debug\usermode

    Note – if the usermode folder does not exist under %WINDIR%\debug\ the gpsvc.log file will not be created. If the usermode folder does not exist, create it under %windir%\debug.

References: