Home arrow Articles arrow INFO: Configure USERENV.LOG logging
INFO: Configure USERENV.LOG logging Print E-mail
The core Group Policy engine writes various, configurable types of information to its log file, which is stored under %windir%\debug\usermode. In Windows NT 5.x this file is called USERENV.LOG. In Windows NT 6.x this file is called GPSVC.LOG.

Note. Windows NT 5.x refers to Windows 2000 Professional, Windows 2000 Server, Windows XP and Windows Server 2003. Windows NT 6.x refers to Windows Vista and Windows Server 2008.

The default configuration for this file varies depending on the documentation you read. Officially, the documentation is NORMAL | LOGFILE. However practice dictates that the internal default (as the value doesn’t exist in the registry by default) actually doesn’t have the LOGFILE option defined. The configuration of the group policy engine to log more, or less, is done via a registry value: UserEnvDebugLevel. This value is a DWORD and is located under the following registry key.

HKLM\ Software\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon


Value (Hex / Decimal)


0x00000000 / 0


0x00000001 / 1


0x00000002 / 2


0x00010000 / 65536


0x00020000 / 131072

The value is a bitwise value, which means the different options can be combined. To combine the values you use a logical OR. The following examples illustrate how to combine different values.

Normal logging.

Normal OR Logfile:
0x1 | 0x10000 = 0x10001.

Verbose logging.

Normal OR Verbose OR Logfile:
0x1 | 0x2 | 0x10000 = 0x10003

Extra verbose logging (debugging).

Normal OR Verbose OR Logging OR Debugger:
0x1 | 0x2 | 0x10000 | 0x20000 = 0x30002

Certain values can, logically, be combined but will not yield a worthwhile result, e.g. Normal and Verbose don’t make sense without also including Logging.

Document information

Author: Paul Williams
Written: 25-07-2007
Version: 1.0
Last updated: 25-07-2007
Last updated by: Paul Williams

< Prev   Next >