Howto enable Group Policy event logging in Windows2008

There are many websites on the internet that talk about the previous method of enabling group policy logging by adding the UserEnvDebugLevel registry entry as per Microsoft kb article 221833. Unfortunately this does not work in Windows2008 and the kb article does not link to another article that does work.

However I found out that this was changed (in Vista I think) to a different registry entry and a new log file is created. Create a new Dword value called GpSvcDebugLevel under HKLM\Software\Microsoft\Windows NT\Current Version\Diagnostics and set the value to 100002 (in hex). This will then create a file called gpsvclog.log in the %windir%\debug directory.

It looks like the preferred method of debugging the logs is to read the events that are stored in Eventvwr under Applications and Services Logs\ Microsoft\ Windows\ GroupPolicy\ Operational

When Genuine Advantage fails to work….

I’ve had two issues with Genuine Advantage since Thursday – both issues not currently resolved. The first was a server that was restored from a ShadowProtect backup to a virtual machine on ESXI. This is to try and sort out an issue on the original server without causing any more damage to the original server. The restored server boots up fine and allows me to enter my username and password. Immediately after logging in, it then detects it needs to be activated and gives me the option to activate or cancel. If I select Yes to activate with Microsoft it should then jump into the routine of providing a set of numbers and a phone number to call Microsoft (or via the internet). Instead, this server just logs me off. Very frustrating and not useful at all.

Initially the problem was made worse due to the fact that the initial restoration meant that a normal boot insisted AD was corrupt and to go into safe mode to repair but safe mode had the same problem with Windows Activation. After a re-restore I’m not getting the AD corrupt problem but I am getting the Windows Activation issue.  On a side note, it is essential that if you restore a server with shadowprotect that has a C,D and E drive with the NTDS files stored on the E drive, then you need to restore C, then D, then E. If you restore just C and E and specify the drives are C and E, when the machine reboots the E drive will become D and your AD will corrupt itself.

So as you can see I’ve had a troubling week at work doing some restores! The good news is I know how to recover from the above problem but not when Genuine Advantage gets in the way!

The other issue was with a friends Vista machine that had the hard drive fail. I suspect the MBR got corrupted as there was initially no operating system found and my initial repair worked when I told the machine to run diagnostics and fix them and about 5 seconds later the machine was booting. However on the next reboot the system failed again. He then used the HP recovery CD to restore Vista to the machine and then after login Windows (and Security Essentials) was complaining that the copy of Windows was not genuine. However going to the Validate Windows page, the webpage shows that the pc passes with no problems found (although the computer disagrees still). Running the MGADiag tool however returns Validation Status: Invalid License, Validation Code: 50. From the support forums – “Your copy of Windows 7 is using an OEM SLP key.  This type of key only comes win Windows that come pre-installed in a computer built by a large manufacturer.  When an OEM SLP key is in uses, Windows looks to the Bios on the computer’s motherboard for a OEM Bios Flag. An OEM Bios Flag is information found only in the bios of computers built by a large manufacturer that come with Windows pre-installed. An OEM Bios Flag is specific to the Manufacturer and the version of Windows it’s good for. So, If Windows is using an OEM SLP key and the Proper OEM Bios Flag is present in the computer’s Bios, Windows will self-activate”. Of course this is all well and good until the computer does not self activate…..

I’ll update on the both of these issues when I get time to work on the machines and solve the problems.

Group Policy preference hurdle.

I’ve been wanting to use the group policy preferences at a couple of sites but been unable to due to the fact that you need to have a Vista or Windows 2008 server in the domain. I knew that one or the other was required, but I was kind of hoping that you could get away with using a Vista machine not on the domain to edit the group policy settings. Much like you can use “connect to” in eventvwr and other mmc consoles I was hoping this feature would be available so I could take my consultants laptop and edit various group policy preferences at some of my sites without needing a domain joined pc. Alas, this is not to be – in fact gpmc is not even available unless you are joined to the domain.
Here’s hoping that some enterprising company will come up with an application that will enable you to deploy group policy preferences without Vista or Windows 2008.

Vista and SBS2003 (in)compatability

One (new) client has unfortunately a Vista desktop purchased a couple of days before we took over IT and it needed joining to the domain. This has proved a difficult task to say the least. Our remote control software stops showing the users screen whenever the UAC prompt pops up (and freezes our screen until the local user clicks ok) which means the end user has to remain at their desk when we are doing any troubleshooting rather than letting them use another computer to do some work.
Anyway, the server/connectcomputer wizard was complaining that I needed admin rights (which I had already) and a patch is available, KB926505 but when I try to install that on the server I get the very wonderful error message “Failed to install” with no details as to why. Nothing in the eventlogs either. Add/Remove Programs now says the patch is installed and when you try to remove it, I get a message about all sorts of programs failing to work and the end of the world so I’ve left it in place until I get a chance to remove and reinstall the server whilst I am on site as opposed to RWW’ing into the server. In the meantime I joined the computer to the domain manually, and I’ve had to change the logon script so it doesn’t UAC whenever the script does the sbs setup program. Apparently this is fixed with the patch, so the patch obviously doesn’t work – watch this space.

Tools to help migrate to a vista pc

Microsoft released the Windows Easy Transfer for Windows XP and Windows 2000 tool which is the new version of Files and Settings Transfer Wizard (FAST) that came with Windows XP to allow you to move your settings to a new computer. I also got an email from laplink who have released their PCMover software which claims to be unique in that it also moves the programs too. Note that I’ve not used either of these programs.

Vista improvements to offline files

Jim Allchin blogs about changes to offline files in Vista and includes the great titbit of information that now, finally, the pc will only sync the files belonging to the user that is logging off so that the access denied message does not appear delaying the log off/shut down procedure.
Also, synchronisation is intelligent in that it will only sync changes to files as opposed to the whole file itself (if supported by the application) – this should help a couple of my clients who have issues with long synchronisation times on their pc.
It will be interesting to see if a new version of csccmd comes out with Vista, which includes all the extra switches that the xp version did not unless you requested the hotfix from Microsoft support.
See The Filing Cabinet for more information on these new features.

OS Packaging

It was interesting to see that details about the packaging for Windows Vista was released today – JCXP links to MS Tech today which has a picture of the neat dvd box. Contrast this to the cd’s that I received from Dell for the SBS 2003r2 server I opened. Not only was the media on CD (which means a painful 4 cd install after Dell’s install creates a small 25gb boot partition) despite the server having a dvd drive, but the cd’s were in the paper sleeve envelopes that you normally get with an OS installation from Dell. What was worse that disks 1 and 2 were in the same envelope with a piece of paper slid between them, the same for disk 3 and 4. This is really cheap, likely to lead to scratches and not a good first start impression of a brand new server!
(Note that I don’t know if SBS was requested on cd instead of dvd or whether that is how it comes but even if it was ordered on cd, it could at least come in a reliable case.

Upgrade time

I’ve been busy this morning. I re-ghosted my windows xp partition and then reloaded it back onto my secondary disk. The performance still stays about the same so I’ll be wiping the secondary disk back to HP’s recovery cd and reloading all of the applications again *shudder*. As this is a fairly long post there is more in the extended entry.

Vista Installation – pt1

Urgh – the installation process has been horrible so far. Makes me want to put the new version of Ubuntu on instead! Incidentally, their timing was awful – everyone has blogged about the Vista upgrade and hardly anyone blogged about their upgrade. Maybe they should have waited a couple of days and then brought it out with the advertising of “Frustrated with waiting for Vista? Can’t Install Vista? Try Ubuntu and you won’t have to pay for an upgrade in a year!”

Anyway, back on track – I tried to boot from the dvd but the installation hangs after the first swoosh goes across the screen, after the files have been copied, the lights on the keyboard light up briefly and then the whole pc hangs – no more keyboard action and the whole pc needs to be switched off.

So back into Windows I boot and I have to delete a partition on the hard disk as my 10gb xp partition that I was originally going to install over the top of is not big enough. Setup starts and says it can’t copy a setup file – I hit ok and it continues anyway. After entering my licence number and not updating the install from the internet I get the message “At least one device driver that might be required to start your system is not available. Devices with missing drivers: A347SCSI Controller and D34PRT SCSI Controller – Do you wish to ignore and continue?

I have no idea what those two devices are – (a quick google search tells me it is my daemon tools drivers – thanks to tech recipes) but the Vista Upgrader Advisor didn’t have any problems with them and curiously enough – I’ve read that a good way to assist in installing Vista is to mount the vista ISO with Daemon tools and run setup.

UpdateWell the install from within XP didn’t work either and actually wasted even more of my time – not including the time taken to juggle my partition sizes and create enough space for a clean install. The setup routine within windows asks for my product key, asks which partition I want to install to and starts to copy files to the hard disk. Eventually the pc reboots….and does exactly the same as the install process from dvd – the pc freezes at the swish thing down the bottom of the screen. I’ve tried to see if I can find any diagnostic logs or debugging process like the safe mode in XP but no joy so far. – Ubuntu is being downloaded right now.

Update 2 Upgraded the BIOS and the pc will not boot off Microsoft’s WinPE version 2.