Well, it’s been a while since I last blogged, and this is one I’ve been wanting to write for a while. A few months ago I was trying to troubleshoot why a GPMC backup was throwing errors on Windows Server Core 2012 and 2016. I had installed the GPMC PowerShell module and was trying to backup a GPO from PowerShell, and kept getting weird errors. It would only happen on some GPOs (it turns out that it was specific to particular policy areas and settings). At the time, I was trying to figure out how I could troubleshoot this problem. Then I remembered an ADMX file I had written MANY years ago, that enabled various GPO debug logging. I recalled that one of the options was GPMC logging. So I dug up the ADMX, figured out the right registry value to turn on and voila! The error showed up clear as day in the GPMC trace log (see below) and allowed me to determine that Server Core was missing a particular file that was expected to be able to parse, in this case, Advanced Audit Configuration policy (as it turns out, Microsoft apparently no longer tests basic Group Policy functionality on all of it’s platforms).
This revelation led me to dust off my old GPO logging ADMX/ADML files and put them out for public consumption. The logging enabled in this ADMX/L range from enabling basic GPSVC logging, to GPMC logging to Folder Redirection, Software Installation and Security CSE logging. You can find the relevant ADMX files on my github page.
Simply copy the ADMX file to your ADMX store (local or Central store), and the corresponding ADML file (English only at the moment) to the en-us folder under your store, and then load up GP Editor. You will see the new logging options appear in the GPO namespace under Computer Configuration\Policies\Administrative Templates\System\Group Policy Logging\Logging, as shown here:
Keep in mind that these options write to locations in the registry that are not managed by Group Policy. That means that these settings WILL tattoo the registry on the target system and will need to be either explicitly turned off or removed manually.
Happy Troubleshooting!
Darren