Tuesday, October 18, 2011

Tips: How to troubleshoot Group Policy with GPLogView

For dumping the Group Policy–related events logged in the System Event Log channel and the Group Policy Operational Event Log channel, you can use GPLogView.exe. It is one of the command-line troubleshooting tools. Though the GPLog View.exe works only on Windows Vista, it is not included with it. You can download it for free. The following are the command-line options for this tool.

-? Shows this usage message.
-o [output file name] Output filename required for text, xml, or html; not valid if -m is specified.
-n Do not output the activity ID.
-p Dump the process ID and thread ID associated with each event.
-a [activity id guid] Shows only events matching the given activity ID.
-m Runs the tool in monitor mode displaying events in real time.
-x Dumps the event in XML; the only other options allowed with this option are –m and -a but not both together.
-h Dumps the events in HTML format; -m or -x option not allowed, and -a and -n are allowed, but not both together. Also must specify -o option.
-q [Query file name] Uses the query specified by query file.
-l [Publisher name] If -q is specified, the publisher name must be specified.

The following examples illustrate the use of this tool:
GPLogView.exe -o GPEvents.txt
GPLogView.exe -n -o GPEvents.txt
GPLogView.exe -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.txt
GPLogView.exe -p -o GPEvents.txt
GPLogView.exe -x -o GPEvents.xml
GPLogView.exe -x -m
GPLogView.exe -x -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.xml
GPLogView.exe -h -o GPEvents.html
GPLogView.exe -h -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.html
GPLogView.exe -h -q somequeryFile.txt -l Microsoft-Windows-GroupPolicy -oGPEvents.html
If you go through the above examples, you can have an idea about implementing the same for troubleshooting Group Policy.
B  y , ,