GPO

GPO enable user environment debug logging

24th June 2019 /

If Userenv debug logging is enabled as per KB 221833, the userenv.log file will include the following:

–       Slow link detection

–       Machine Group Policy Application

–       Processes and applications which start up as part of Userinit.exe (this includes most Startup items)

–       Machine startup and shutdown scripts

–       Profile loading or unloading at user login/logoff

–       User Group Policy Application

–       Internet Explorer GPO processing

–       User login and logoff scripts

–       Firewall rules processing for Windows Firewall

Use Registry Editor to add or to modify the following registry entry:Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Entry: UserEnvDebugLevel
Type: REG_DWORD
Value data: 10002 (Hexadecimal)UserEnvDebugLevel can have the following values:NONE 0x00000000
NORMAL 0x00000001
VERBOSE 0x00000002
LOGFILE 0x00010000
DEBUGGER 0x00020000The default value is NORMAL|LOGFILE (0x00010001).

Note To disable logging, select NONE (0x00000000).

You can combine these values. For example, you can combine VERBOSE 0x00000002 and LOGFILE 0x00010000 to get 0x00010002. Therefore, if UserEnvDebugLevel is given a value of 0x00010002, LOGFILE and VERBOSE are both turned on. Combining these values is the same as using an OR statement.0x00010000 OR 0x00000002 = 0x00010002Note If you set UserEnvDebugLevel to 0x00030002, the most verbose details are logged in the Userenv.log file.

The log file is written to the %Systemroot%\Debug\UserMode\Userenv.log file. If the Userenv.log file is larger than 300 KB, the file is renamed Userenv.bak, and a new Userenv.log file is created. This action occurs when a user logs on locally or by using Terminal Services, and the Winlogon process starts. However, because the size check only occurs when a user logs on, the Userenv.log file may grow beyond the 300 KB limit.

Although the 300-KB limit cannot be modified, you can set the read-only attribute on the Userenv.bak file, and the Userenv.log file will grow indefinitely. You must only use this method temporarily, remove the read-only attribute on the Userenv.bak file as soon as you are finished troubleshooting.

Leave a Reply

Your email address will not be published. Required fields are marked *