Logging Cheatsheat

Here is a collection of logging settings that have been found to be useful to have in place before problems arise.

Windows Installer Logging

Useful for knowing why an installer didn’t work.

https://support.microsoft.com/en-us/help/223300/how-to-enable-windows-installer-logging

Log files are generated in C:\Windows\Temp\MSI#####.log if run as SYSTEM (like from SCCM) or in %TEMP% in the user profile if run as the user.

Group Policy Location: Computer Configuration/Policies/Administrative Templates/Windows Components/Windows Installer
Setting: Specify the types of events Windows Installer records in its transaction log = voicewarmupx

  • i – Status messages
  • w – Non-fatal warnings
  • e – All error messages
  • a – Start up of actions
  • r – Action-specific records
  • u – User requests
  • c – Initial UI parameters
  • m – Out-of-memory
  • p – Terminal properties
  • v – Verbose output
  • o – Out of disk space messages
  • x – Extra debugging information

Group Policy Preferences Logging

Useful for why Drives or Printers are not mapping.

https://blogs.technet.microsoft.com/askds/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat/

Group Policy Location: Computer Configuration/Policies/Administrative Templates/System/Group Policy/Logging and tracing

Setting: Configure Drive Maps preference logging and tracing = Enabled

  • Event logging = Informational, Warnings and Errors
  • Tracing = Off
  • User trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\DriveMapsUser.log
  • Computer trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\DriveMapsComputer.log
  • Planning trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\DriveMapsPlanning.log
  • Maximum size of trace file (KB) = 1024

Setting: Configure Network Shares preference logging and tracing = Enabled

  • Event logging = Informational, Warnings and Errors
  • Tracing = Off
  • User trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\NetSharesUser.log
  • Computer trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\NetSharesComputer.log
  • Planning trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\NetSharesPlanning.log
  • Maximum size of trace file (KB) = 1024

Setting: Configure Printers preference logging and tracing = Enabled

  • Event logging = Informational, Warnings and Errors
  • Tracing = Off
  • User trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\PrintersUser.log
  • Computer trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\PrintersComputer.log
  • Planning trace = %COMMONAPPDATA%\GroupPolicy\Preference\Trace\PrintersPlanning.log
  • Maximum size of trace file (KB) = 1024

Group Policy Logging

Useful for determining why you have slow boot up or login times.

Log files generated in %windir%\debug\usermode\

https://blogs.technet.microsoft.com/askds/2015/04/17/a-treatise-on-group-policy-troubleshootingnow-with-gpsvc-log-analysis/

Windows 8 and up:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics
  • GPSvcDebugLevel = 0x30002 (196610) REG_DWORD

Windows 7 and older:

https://technet.microsoft.com/en-us/library/cc775423(v=ws.10).aspx

https://support.microsoft.com/en-us/help/221833/how-to-enable-user-environment-debug-logging-in-retail-builds-of-windo

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • UserEnvDebugLevel = 0x30002 (196610) REG_DWORD