Group Policy and Event Logs in Vista

by Mitch Tulloch [Published on 21 Jan. 2009 / Last Updated on 14 Nov. 2008]

In previous versions of Windows, Group Policy information was logged to the System log, and additional troubleshooting information could be obtained by enabling Userenv.dll logging. In Windows Vista and later, however, Group Policy logging has changed as follows:


  • Events generated by the Group Policy engine during Group Policy processing are now logged in the Application event log. This information replaces Userenv.log, which was difficult to parse on previous Windows platforms. Note that the event source for these events has changed from USERENV to Group Policy.
  • Events generated by Group Policy extension DLLs are now logged to the Group Policy Operational event log. Of particular interest here are events in the range 7300-7999, which represent errors generated by extensions.
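
The following is an added example, not part of the original article: one way to pull the 7300-7999 error events out of the Group Policy Operational log with PowerShell. The channel name `Microsoft-Windows-GroupPolicy/Operational` is not given in the article and is assumed here, as are the 200-event limit and the use of the ActivityId field to tie events to one processing cycle.

```powershell
# Added example. The channel name below is an assumption (the article only
# says "Group Policy Operational event log").
$LogName = 'Microsoft-Windows-GroupPolicy/Operational'

# XPath filter for the event ID range the article calls out (7300-7999).
$XPath = '*[System[(EventID >= 7300 and EventID <= 7999)]]'

try {
    # Newest 200 matching events; raise the limit for a longer history.
    $events = @(Get-WinEvent -LogName $LogName -FilterXPath $XPath `
                             -MaxEvents 200 -ErrorAction Stop)
}
catch {
    # Get-WinEvent reports "no events matched" as an error; treat it as an
    # empty result and rethrow anything else (missing log, access denied).
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        throw
    }
}

if ($events.Count -eq 0) {
    Write-Output "No events in the range 7300-7999 found in $LogName."
}
else {
    # Which event IDs occur most often.
    $events | Group-Object -Property Id |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name |
        Format-Table -AutoSize

    # Chronological detail. ActivityId is included so that events from the
    # same Group Policy processing cycle can be read together.
    $events | Sort-Object -Property TimeCreated |
        Select-Object -Property TimeCreated, Id, ActivityId,
            @{ Name = 'Message'
               Expression = { ("$($_.Message)" -split "`n")[0].Trim() } } |
        Format-Table -AutoSize -Wrap
}
```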
