GP Logging in Vista
As Vista nears release, it's worthwhile to look at some of the big changes coming in that OS around Group Policy. One of the biggest changes, from a troubleshooting perspective, is the use of the new "Crimson" event logging system to improve GP logging. Namely, the userenv.log file that we all knew and hated for its cryptic content goes away in Vista. In its place is the Group Policy Operational Log. The Operational Log is found within the Applications and Services node of the new Event Viewer, under Microsoft, Windows, Group Policy. It contains essentially all of the data previously found in userenv.log, and it is enabled by default, so you don't have to fiddle with registry tweaks to turn it on. It provides excruciating levels of detail on every step of GP processing and even includes some new data that you would previously have had to derive from userenv.log, like time spent processing a given policy area.
In addition to the Operational Log, there are basic, high-level events generated by the GP engine. These are akin to the events you would find today in XP or 2003 in the Application event log. But in Vista, these high-level events have been moved to the System log and have an event source of "GroupPolicy". These are the so-called admin logs and are also enabled by default.
The one thing that has not changed in Vista is the existence of CSE-specific logs: logs generated by the various CSEs that ship with the OS. Many of you may know that I have a custom ADM file on my website that allows you to enable the various logging options found in XP, 2000 and 2003. Well, in an effort to teach myself about the new ADMX template files that replace ADM in Vista, and to bring the gpolog.adm file up-to-date for the new OS, I've created what may be the first custom ADMX file in the wild (certainly my first) that enables CSE logging on Vista. Check it out at www.gpoguy.com/gpolog.htm
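To make the Operational Log described above easier to read from a script, here is an added example (not part of the original post or of any Microsoft tool) that groups its events into processing cycles and reports how long each cycle took and how many warnings or errors it raised. It assumes PowerShell 2.0 or later for Get-WinEvent, that the channel is named Microsoft-Windows-GroupPolicy/Operational, and that events from one processing cycle share an ActivityId; the function name Get-GPCycleSummary and the sample events are made up for illustration.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0+ (Get-WinEvent).
$Channel = 'Microsoft-Windows-GroupPolicy/Operational'   # assumed channel name

function Get-GPCycleSummary {
    param([Parameter(Mandatory = $true)][object[]]$Events)
    # Assumption: events from one GP processing cycle share an ActivityId, so group on it.
    $Events | Where-Object { $_.ActivityId } | Group-Object ActivityId | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        $span   = $sorted[-1].TimeCreated - $sorted[0].TimeCreated
        New-Object PSObject -Property @{
            ActivityId = $_.Name
            Start      = $sorted[0].TimeCreated
            Seconds    = [math]::Round($span.TotalSeconds, 1)
            Events     = $sorted.Count
            # Event levels: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
            Problems   = @($sorted | Where-Object { $_.Level -ge 1 -and $_.Level -le 3 }).Count
        }
    } | Sort-Object Start
}

# Constructed sample events (not real log data) so the function can be tried offline.
$t = Get-Date '2006-11-01 08:00:00'
$a = [guid]'11111111-1111-1111-1111-111111111111'
$b = [guid]'22222222-2222-2222-2222-222222222222'
$sample = @(
    (New-Object PSObject -Property @{ ActivityId = $a; TimeCreated = $t;                 Level = 4 }),
    (New-Object PSObject -Property @{ ActivityId = $a; TimeCreated = $t.AddSeconds(2);   Level = 3 }),
    (New-Object PSObject -Property @{ ActivityId = $a; TimeCreated = $t.AddSeconds(9);   Level = 4 }),
    (New-Object PSObject -Property @{ ActivityId = $b; TimeCreated = $t.AddMinutes(90);  Level = 4 }),
    (New-Object PSObject -Property @{ ActivityId = $b; TimeCreated = $t.AddMinutes(90).AddSeconds(1); Level = 2 })
)
Get-GPCycleSummary -Events $sample |
    Format-Table ActivityId, Start, Seconds, Events, Problems -AutoSize

# Live use on the machine being troubleshot (run elevated if access is denied):
#   Get-GPCycleSummary -Events (Get-WinEvent -LogName $Channel -MaxEvents 500)
# High-level admin events in the System log (provider name is an assumption;
# Event Viewer shows the source as "GroupPolicy"):
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-GroupPolicy' }
```

A cycle with a non-zero Problems count or an unusually long duration is the one to open in Event Viewer and filter by its ActivityId.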