Agile Insider Blog

Debugging Windows Logon and Group Policy Processing

Have slow logon problems with Windows Group Policy, or problems after the logon process but before the desktop appears? Check out this great description of the debugging process. It applies to Windows 2000-2003 (and XP), not Vista.

Hey everyone, this is Mark from the Directory Services team. We get calls all the time where enabling Userenv logging is necessary to see exactly what is happening with group policy and profile loading. If you have ever looked at one, it can be confusing to say the least. One thing to remember is that if the logging is not enabled, then do not try to interpret the log, since very minimal logging is enabled by default! I am going to break this down into 2 parts, with the first being the Computer side and its processing and the second being the User side and its processing. So let’s jump in and get our feet wet with some of the basics.

First, what is Userenv logging? This is short for “User Environment.” How do I enable the logging? You can reference the following KB article:

221833 How to enable user environment debug logging in retail builds of Windows

Note that Userenv logging per this article does NOT work on any version of Windows Vista or Windows Server 2008. It will work only on Windows 2000, 2003 or XP.

Open Regedit on the problem computer and drill down to:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Create a REG_DWORD value named UserEnvDebugLevel, then set it to 0x10002 in hexadecimal. The value is not case sensitive.

Logging will start immediately to the Userenv.log file located in the %SystemRoot%\Debug\UserMode folder (no reboot or restart of services is required). If the Userenv.log file is larger than 300 KB, the file is renamed Userenv.bak, and a new Userenv.log file is created. This action occurs when a user logs on locally or by using Terminal Services, and the Winlogon process starts. However, because the size check only occurs when a user logs on, the Userenv.log file may grow beyond the 300 KB limit. If you need to read the log or .bak files then you can simply open them with Notepad. Since you want to see what the computer is doing when it starts, reboot the client computer.

One problem with Userenv logging, especially on a busy terminal server with lots of logon activity, is that the log is overwritten before you get a chance to find the useful information in it. While there is no way to increase the 300 KB limit on the log file, if you make Userenv.bak read-only, Winlogon can’t rename Userenv.log to Userenv.bak, so it just keeps logging to the Userenv.log indefinitely. If you decide to use this method, it is critical that you monitor the size of the Userenv.log to make sure it does not fill up the drive. Then remove the read-only attribute as soon as you are done troubleshooting.
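The steps above (set the debug level, hold Userenv.bak read-only, watch the log size, undo the read-only attribute) collected into one cmd script. This is an added example, not part of the original article; the script name, the 50 MB warning threshold and the deletion of the registry value in the `off` step are assumptions, and it assumes reg.exe is available and the prompt is running with administrative rights.

```batch
@echo off
rem Added example: helper for the Userenv debug-logging steps (Windows 2000/2003/XP).
rem Usage: userenvlog.cmd on ^| pin ^| status ^| off   (script name is hypothetical)
setlocal
set "KEY=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "DIR=%SystemRoot%\Debug\UserMode"
rem LIMIT is a constructed 50 MB warning threshold, not a value from the article.
set "LIMIT=52428800"

if /i "%~1"=="on"     goto on
if /i "%~1"=="pin"    goto pin
if /i "%~1"=="status" goto status
if /i "%~1"=="off"    goto off
echo Usage: %~nx0 on ^| pin ^| status ^| off
exit /b 1

:on
rem Verbose logging starts immediately; no reboot or service restart is needed.
reg add "%KEY%" /v UserEnvDebugLevel /t REG_DWORD /d 0x10002 /f
exit /b %errorlevel%

:pin
rem A read-only Userenv.bak blocks the rename, so Userenv.log keeps growing.
if not exist "%DIR%\userenv.bak" (
  echo userenv.bak does not exist yet, nothing to mark read-only.
  exit /b 1
)
attrib +r "%DIR%\userenv.bak"
exit /b %errorlevel%

:status
reg query "%KEY%" /v UserEnvDebugLevel
if not exist "%DIR%\userenv.log" (
  echo userenv.log not found in %DIR%
  exit /b 1
)
for %%F in ("%DIR%\userenv.log") do set "SIZE=%%~zF"
echo userenv.log is %SIZE% bytes
rem cmd compares 32-bit integers, so this check is only valid below 2 GB.
if %SIZE% GTR %LIMIT% echo WARNING: log exceeds %LIMIT% bytes, finish up and run "off".
exit /b 0

:off
rem Remove the read-only attribute as soon as troubleshooting is done.
if exist "%DIR%\userenv.bak" attrib -r "%DIR%\userenv.bak"
rem Assumption (not a step from the article): delete the value to return to default logging.
reg delete "%KEY%" /v UserEnvDebugLevel /f
exit /b %errorlevel%
```

Run `status` on a schedule while Userenv.bak is pinned, since nothing else caps the log once the rename is blocked.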

After a reboot and once you are logged onto the client computer, open the Userenv log; you should notice information such as this:

Read the rest of this article at Ask the Directory Services Team: Understanding How to Read a Userenv Log – Part 1
