Wednesday, April 22, 2015

UserEnvLogging in Windows Vista and higher

From Windows Vista, the GPO engine no longer records information in the UserEnv.log. Instead we use GPSVC logging.
Sadly, the resulting log file does not contain as much information as the UserEnv.log because all non GP related actions are not part of this log.
For those who want to have the same info as in UserEnvLogging, there is an option called Profile Logging.
To start logging (from a Command Prompt) type:
logman -start profile -p {eb7428f5-ab1f-4322-a4cc-1f1a9b2c5e98} 255 3 -ets
To stop logging (from a Command Prompt) type:
logman -stop profile -ets
You can view the ETL with a tool like SvcTraceViewer which is part of the Microsoft Windows Software Development Kit (SDK).

No comments:

Post a Comment