rrc2software Blog Proyectos
rrc2software Blog Proyectos
Ramón Román Castro
ramon.roman.c
Feb 19, 2020
Ramón Román Castro
ramon.roman.c
Feb 19, 2020

Active Directory

GPO Logging Using Gpsvc.log in Windows 7+

The debug log Userenv.log (%Systemroot%\Debug\UserMode\Userenv.log) could be used to thoroughly analyze the application of GPO in Windows XP and Windows Server 2003. Using this Group Policy logging, you could track the order and time of applying group policies, find the policies that slow down the booting and solve other GPO related problems.

In Windows 7 (or higher), Microsoft developers decided to stop using Userenv.log as the main debugging tool of GPO processing. The majority of events related to the Group Policy are now available in the Event Viewer (eventvwr) log in Applications and Services Logs –> Microsoft -> Windows -> Group Policy -> Operational.

Tip. For example, the events with the Event ID 4016 and 5016 will help to find the time when the GPO has started and finished to be processed. The latter event shows how long this policy has been applied.

The Event 5312 contains the list of policies to be applied and the Event 5317 lists the filtered policies.

However, the events contained in this log are not as detailed as Userenv.log file in Windows XP.

You can also enable a similar debug log of Group Policy Client Service (GPSVC) in Windows 7. This undocumented feature of enabling an extended log of GPO usage is also available in Windows 8, 10 and Windows Server 2008/2012.

You can enable the GPO debug logging in the registry. Create a DWORD parameter with the name GPSvcDebugLevel and the value 00030002 in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics. (Probably, you will have to create the Diagnostics branch manually) 

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics" /v GPSvcDebugLevel /t REG_DWORD /d 0x00030002 /f

Update your policies using the command gpupdate /force (or restart the computer if you want to debug the policies applied when booting).

After the restart, Group Policy Client service will record the extended debug information to the file gpsvc.log (WINDIR%\debug\usermode\gpsvc.log).

The manual analysis of gpsvc.log is quite time-consuming. A free tool Policy Reporter (http://www.sysprosoft.com/policyreporter.shtml) can make it easier and represent the GPO debug log as a tree grouped by time.

The data from gpsvc.log and the results obtained using GPResult can be used to perform a detailed analysis of applying GPO on the clients.

Note. To disable debug logging, change the value of GPSvcDebugLevel to 0.

Forcing Replication

https://technet.microsoft.com/en-us/library/cc794809(v=ws.10).aspx

Synchronize Replication with All Partners

repadmin /syncall <DomainControllerName> /e /d /A /P
repadmin /showrepl <servername>

An RODC Does Not Advertise As a Time Source

https://technet.microsoft.com/en-us/library/cc753966(v=ws.10).aspx

windows, microsoft, active-directory
Tweet Share Share Pin Share Email

Última modificación: May 19, 2020

Volver al inicio