Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Enable Logging for Security Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The security settings configuration and analysis tools include scecli.dll, which implements the client-side extension for Group Policy. Scecli.dll provides client-side interfaces to the security configuration engine and does Resultant Set of Policies (RSoP) logging during policy propagation.

Administrators can enable logging for scecli.dll. The log is written to the Winlogon.log file, which is created in the %SYSTEMROOT%\Security\Logs folder.

To configure logging output for Security Configuration Client
  1. Start Registry Editor (Regedt32.exe).

  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}

    The registry key is one path; it has been wrapped for readability.

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: ExtensionDebugLevel

    Data type: DWORD

    Value data: 2

To reproduce the failure, refresh the policy settings by typing the following at the command prompt: gpupdate /force.

For more information, see the Tools and Setting Collection in the Windows Server 2003 Technical Reference.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft