1 00:00:03,070 --> 00:00:03,640 Okay.
2 00:00:03,670 --> 00:00:06,490 Now, what I want to do is enable some trace logging.
3 00:00:07,460 --> 00:00:10,190 So let's go ahead and bring up the registry.
4 00:00:11,110 --> 00:00:14,890 And I'm going to go in under HKEY_LOCAL_MACHINE, Software,
5 00:00:14,890 --> 00:00:16,410 Microsoft, Windows NT,
6 00:00:16,480 --> 00:00:17,350 CurrentVersion.
7 00:00:18,260 --> 00:00:21,290 And I need to add a new key called Diagnostics.
8 00:00:22,260 --> 00:00:24,300 This key doesn't exist by default.
9 00:00:24,480 --> 00:00:27,930 So I'm going to go ahead and add the key called Diagnostics.
10 00:00:28,900 --> 00:00:30,610 Go ahead and hit F5.
11 00:00:30,620 --> 00:00:32,200 So it puts it in order here.
12 00:00:33,170 --> 00:00:39,050 And then I'm going to add a new REG_DWORD value with the name of GPSvcDebugLevel.
13 00:00:39,050 --> 00:00:43,730 And I'm going to set its value to 30002, as I mentioned in my slide.
14 00:00:44,650 --> 00:00:48,340 And now what I can do is come in and do a gpupdate /force.
15 00:00:49,290 --> 00:00:53,100 And once I do that, I should be able to go into the file system.
16 00:00:54,030 --> 00:00:55,800 Let that run for a second.
17 00:00:56,830 --> 00:00:59,800 So now I'm going to go in under File Explorer.
18 00:01:00,810 --> 00:01:02,240 On the local computer.
19 00:01:02,280 --> 00:01:07,620 C:\Windows\Debug\UserMode, and here is my gpsvc log file.
20 00:01:08,570 --> 00:01:13,880 One thing to note is that depending on the version of Windows, you may actually need to restart the
21 00:01:13,880 --> 00:01:18,110 system after adding the registry key for service trace logging.
22 00:01:19,010 --> 00:01:25,910 So that's less the case on newer versions like Windows 10 and Server 2019 and more so on Windows 7
23 00:01:25,910 --> 00:01:26,690 and earlier.
24 00:01:27,650 --> 00:01:32,570 And once it's open, you'll see I've got the thread values that I talked about and lots of different
25 00:01:32,570 --> 00:01:34,790 threads going on here at the same time.
26 00:01:35,730 --> 00:01:42,030 The thing to note about the gpsvc log file, there's a lot of stuff in here that isn't necessarily related
27 00:01:42,030 --> 00:01:43,080 to group policy.
28 00:01:44,050 --> 00:01:48,670 So this log includes both policy and user profile trace logging.
29 00:01:49,570 --> 00:01:51,730 So you sort of have to sift through it.
30 00:01:52,710 --> 00:01:53,700 You'll notice here.
31 00:01:53,730 --> 00:01:55,590 This is related to group policy.
32 00:01:55,620 --> 00:02:00,720 There's a bunch of other very detailed calls in the log file that don't have anything to do with group
33 00:02:00,720 --> 00:02:01,310 policy.
34 00:02:01,320 --> 00:02:04,260 But once in a while we'll get to a section where we can see.
35 00:02:05,230 --> 00:02:05,990 Here it is.
36 00:02:06,010 --> 00:02:11,700 Searching the marketing OU for the GPOs that are applied to that marketing OU, that are linked to the
37 00:02:11,700 --> 00:02:12,280 OU.
38 00:02:13,210 --> 00:02:18,700 So it's going through the core phase of policy processing, searching for each GPO and figuring out its
39 00:02:18,700 --> 00:02:23,890 version or its found whether it's got any client side extensions associated with it.
40 00:02:24,880 --> 00:02:29,710 All of that sort of information is being evaluated on a per share basis.
41 00:02:30,710 --> 00:02:36,560 So, you know, again, it's not an altogether obvious log file to work with, but it can provide some
42 00:02:36,560 --> 00:02:41,630 clues if you're running into specific errors and trying to figure out where those errors are coming
43 00:02:41,630 --> 00:02:41,930 from.
44 00:02:42,890 --> 00:02:46,670 So now let's talk about the trace logging for preferences.
45 00:02:47,680 --> 00:02:50,740 So if I go ahead and bring up the GPMC.
46 00:02:51,670 --> 00:02:57,040 And if I come down here into the marketing OU, I'm just going to look at the GPOs that I have
47 00:02:57,040 --> 00:02:58,090 linked to marketing.
48 00:02:58,980 --> 00:03:01,680 And I had this policy and preference GPO.
49 00:03:01,830 --> 00:03:05,910 And what I'm going to do is I'm going to go ahead and edit this GPO.
50 00:03:06,810 --> 00:03:09,630 And I know that my machine account is in this marketing
51 00:03:09,630 --> 00:03:10,250 OU.
52 00:03:10,320 --> 00:03:15,840 So I'm going to turn on some trace logging for one of the computer specific client side extensions in
53 00:03:16,320 --> 00:03:17,130 preferences.
54 00:03:18,120 --> 00:03:21,630 So if I come in under Policies, Admin Templates, System.
55 00:03:22,570 --> 00:03:24,610 Let's expand that out a little bit.
56 00:03:25,620 --> 00:03:26,760 Group Policy.
57 00:03:27,740 --> 00:03:31,040 You notice a subfolder called Logging and tracing.
58 00:03:31,950 --> 00:03:37,080 And you'll see here that I've got a bunch of different entries for the various group policy preferences
59 00:03:37,080 --> 00:03:37,880 extensions.
60 00:03:38,900 --> 00:03:42,800 So I'm going to come in under local user and group preference logging.
61 00:03:43,720 --> 00:03:46,210 And I'm going to go ahead and enable this.
62 00:03:47,210 --> 00:03:50,090 So I'm going to click that to enabled and I'm going to tell it
63 00:03:50,090 --> 00:03:55,760 I want only warnings and errors and I want to turn tracing on and I'll leave the default locations the
64 00:03:55,760 --> 00:03:56,270 same.
65 00:03:57,200 --> 00:04:03,710 So I've got this app data folder that all my tracing files are going to go to and I'll go ahead and
66 00:04:03,710 --> 00:04:04,010 click
67 00:04:04,010 --> 00:04:04,610 OK.
68 00:04:05,530 --> 00:04:10,090 And then I'm going to come to the machine that I'm on and open up the command prompt.
69 00:04:11,030 --> 00:04:12,500 And I'll do a gpupdate.
70 00:04:13,450 --> 00:04:17,710 And I'm just going to update the computer because that's where I made the change.
71 00:04:18,690 --> 00:04:20,750 That will make it go a little quicker.
72 00:04:21,720 --> 00:04:27,990 Now again, I've enabled trace logging in a GPO that's being processed by this computer that I'm working
73 00:04:27,990 --> 00:04:28,350 on.
74 00:04:29,230 --> 00:04:34,210 And I happen to know that I am receiving some local users and groups preference settings, so I chose
75 00:04:34,210 --> 00:04:36,310 to enable that particular extension.
76 00:04:37,240 --> 00:04:39,730 But I could have enabled any other extension,
77 00:04:39,730 --> 00:04:40,260 really.
78 00:04:41,210 --> 00:04:43,040 And then if I come in under.
79 00:04:44,030 --> 00:04:47,630 Under Group Policy in program data preference trace.
80 00:04:48,630 --> 00:04:52,650 You'll see there is the log trace file that I just created for computer.
81 00:04:53,570 --> 00:04:56,690 And now you'll see the trace file for processing user.
82 00:04:57,670 --> 00:05:01,570 Local user and group policy for this particular computer.
83 00:05:02,580 --> 00:05:06,540 So I've got all the tracing going on for the local users and groups.
84 00:05:07,560 --> 00:05:11,490 This is the data that the group policy preferences trace provides.
85 00:05:12,440 --> 00:05:17,240 And again, you're going to have to sift through a lot of stuff in order to get to the meat of it.
86 00:05:18,240 --> 00:05:19,770 Getting to the right timestamp.
87 00:05:19,770 --> 00:05:23,550 That's of interest today, but it will tell me some useful information.
88 00:05:24,480 --> 00:05:29,820 Assuming I'm having some kind of problem, it will essentially tell me what it's what it's processed
89 00:05:29,820 --> 00:05:31,230 out of that preference file.
90 00:05:32,220 --> 00:05:39,660 So again, you know, the tracing is sort of catch as catch can. You don't necessarily guarantee.
91 00:05:40,570 --> 00:05:44,200 You can't be guaranteed that you're going to get the data that you need.
92 00:05:45,170 --> 00:05:49,250 But it can be a last resort to sort of sniff out problems that have come up.
93 00:05:50,190 --> 00:05:56,520 And I definitely recommend it as a last resort rather than a first resort, because it is rather arcane.
94 00:05:57,450 --> 00:06:01,860 But it can be a solution if you've sort of hit a dead end in your troubleshooting.