Enable Logging for Security Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The security settings configuration and analysis tools include scecli.dll, which implements the client-side extension for Group Policy. Scecli.dll provides client-side interfaces to the security configuration engine and performs Resultant Set of Policies (RSoP) logging during policy propagation.

Administrators can enable logging for scecli.dll. The log is written to the Winlogon.log file, which is created in the %SYSTEMROOT%\Security\Logs folder.

To configure logging output for the Security Configuration Client

  1. Start Registry Editor (Regedt32.exe).

  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}

    Note

    The registry key is one path; it has been wrapped for readability.

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: ExtensionDebugLevel

    Data type: DWORD

    Value data: 2

To reproduce the failure, refresh the policy settings by typing the following at the command prompt: gpupdate /force.
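
The same procedure as a script, for administrators who prefer not to edit the registry by hand. This is an added example, not part of the original article; it assumes an elevated Windows PowerShell 2.0 or later session, and the helper name Restore-ExtensionDebugLevel is hypothetical.

```powershell
# Added example: scripted form of the Registry Editor steps (run elevated).
# Uses only cmdlets available in Windows PowerShell 2.0.
$key  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
$name = 'ExtensionDebugLevel'
$log  = Join-Path $env:SystemRoot 'Security\Logs\Winlogon.log'

if (-not (Test-Path -Path $key)) {
    throw "Security settings extension key not found: $key"
}

# Record the current value (null if absent) so it can be put back afterwards.
$previous = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

# Step 3: ExtensionDebugLevel, DWORD, 2. -Force overwrites an existing value.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 2 -Force | Out-Null

# Refresh policy so scecli.dll runs and writes to Winlogon.log.
& gpupdate.exe /force

if (Test-Path -Path $log) {
    # Confirm the log was just written, then show the most recent entries.
    Get-Item -Path $log | Select-Object FullName, Length, LastWriteTime
    Get-Content -Path $log | Select-Object -Last 40
} else {
    Write-Warning "No log at $log; check that the refresh completed."
}

# Hypothetical helper: return the value to what it was before this script ran.
function Restore-ExtensionDebugLevel {
    if ($null -eq $previous) {
        Remove-ItemProperty -Path $key -Name $name
    } else {
        Set-ItemProperty -Path $key -Name $name -Value $previous
    }
}
```

Call Restore-ExtensionDebugLevel in the same session once troubleshooting is finished, so the extension returns to its earlier logging state.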

For more information, see the Tools and Settings Collection in the Windows Server 2003 Technical Reference.