How to Turn On Debug Logging for Group Policy

When you are troubleshooting group policy issues, it's helpful to turn on some additional logging. Unfortunately, it's not just a simple switch you turn on. You have to know what you are doing to get those logs.

1. Open regedit and go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
2. Create a subkey named "Diagnostics"
3. Create a new DWORD value under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics named "GPSvcDebugLevel" (this is case sensitive)
4. Set the value of GPSvcDebugLevel to 0x00030002
5. Create the "usermode" directory under %windir%\debug\
6. You can run "gpupdate /force", but I prefer to reboot so you get a clean log as the policies are applied under normal circumstances.
7. Your new log is at %windir%\debug\usermode\Gpsvc.log

When you are done, change the value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics|GPSvcDebugLevel to 0x00000000 to disable the debug log or else it will continue to grow.