Tag Archives: eventlogs

Howto enable Group Policy event logging in Windows2008

There are many websites on the internet that talk about the previous method of enabling group policy logging by adding the UserEnvDebugLevel registry entry as per Microsoft kb article 221833. Unfortunately this does not work in Windows2008 and the kb article does not link to another article that does work.

However I found out that this was changed (in Vista I think) to a different registry entry and a new log file is created. Create a new Dword value called GpSvcDebugLevel under HKLM\Software\Microsoft\Windows NT\Current Version\Diagnostics and set the value to 100002 (in hex). This will then create a file called gpsvclog.log in the %windir%\debug directory.

It looks like the preferred method of debugging the logs is to read the events that are stored in Eventvwr under Applications and Services Logs\ Microsoft\ Windows\ GroupPolicy\ Operational