Troubleshooting Group Policy Using Event Logs – Also gplogview -a -m -o (Windows Vista)


source: http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx

Command-line commands for Group Policy:
====
Example 1: Export all Group Policy events
You can use GPLogView to export all Group Policy–related events from the system log and the operational log.

gplogview -o gpevents.txt

Example 2: Export Group Policy events with a specific Activity ID
GPLogView filters Group Policy–related events by Activity ID, which is useful when troubleshooting a specific instance of Group Policy processing.

gplogview -a 8A7C7CE5-F7D0-4d32-8700-57C650A53839 -o gpevents.txt

Example 3: Monitor Mode
You can use GPLogView to capture Group Policy events in real time. GPLogView writes all Group Policy–related events to the command window as they occur. Press CTRL+C to exit monitor mode, or press Q and ENTER.

gplogview -m

===
Example 4: Using an external event log for input
By default, GPLogView reads the event logs on the current Windows Vista computer. However, you can change the GPLogView input source to an exported event log from another Windows Vista computer. This change gives you the ability to export multiple views of Group Policy processing that happened on another computer.
NOTE: The saved event log must come from a computer running Windows Vista. GPLogView does not work with saved event logs from earlier releases of Microsoft Windows.
===
gplogview -i savedevents.evtx -o gpevents.txt

You can view these and other commands supported by GPLogView by invoking command line Help.

gplogview -?

====

******

How to determine an instance of Group Policy processing
To determine an instance of Group Policy processing

Using Windows Vista
1. Start the Event Viewer.

2. Under Event Viewer (Local), click to expand Windows Logs, and then click System.

3. Double-click the Group Policy warning or error event you want to troubleshoot.

4. Click the Details tab, and then click Friendly view. Click System to expand the System node.

5. Find the ActivityID in the System node details. You use this value (without the opening and closing braces) in your query. Copy this value to Notepad, so it is available to you later. Click Close.
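
The same procedure can be scripted. The following is an added example, not part of the original article or of GPLogView: it takes the ActivityID from the newest Group Policy warning or error in the System log (or one you pass in) and lists every operational-log event from that processing instance. It assumes PowerShell 2.0 or later (Get-WinEvent), an elevated session, and the standard channel name Microsoft-Windows-GroupPolicy/Operational; the parameter and variable names are illustrative.

```powershell
# Added example: correlate one Group Policy processing instance by ActivityID.
# Assumptions: PowerShell 2.0+ (Get-WinEvent), elevated session.
param(
    # Optional: ActivityID copied from Event Viewer (braces are tolerated).
    [string]$ActivityId
)

$opLog = 'Microsoft-Windows-GroupPolicy/Operational'

if (-not $ActivityId) {
    # Steps 1-5 above: newest Group Policy error (2) or warning (3) in the System log.
    $trigger = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-GroupPolicy'
        Level        = 2, 3
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    if (-not $trigger -or -not $trigger.ActivityId) {
        Write-Warning 'No Group Policy warning or error with an ActivityID was found.'
        return
    }
    $ActivityId = $trigger.ActivityId.ToString()
}

# Cast to [guid] so a malformed value fails here rather than inside the query.
$guid = [guid]$ActivityId.Trim('{', '}')

# Event log XPath: the Correlation element carries the ActivityID, in braces.
$xpath = "*[System/Correlation[@ActivityID='$($guid.ToString('B'))']]"

$events = Get-WinEvent -LogName $opLog -FilterXPath $xpath -Oldest `
    -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No operational events found for ActivityID $guid."
    return
}

# Chronological view of the processing instance: first line of each message.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

The GUID this script resolves is the same value that gplogview -a expects.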
