Useful tools to know when dealing with group policies.
Review the policies applied to current logged on user: (saves the html to c:\temp\)
- Gpresult /h c:\temp\xx.html
View policy applied for computer configuration. (firewall, trusted zone info, etc.)
- Gpresult /h c:\temp\report.html /scope computer
Enable Group Policy Service (GPSvc) logging
On the client where the GPO problem occurs, follow these steps to enable Group Policy Service debug logging.
- Open Registry Editor.
- Locate and then select the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion - On the Edit menu, select New > Key.
- Type Diagnostics, and then press Enter.
- Right-click the Diagnostics subkey, select New > DWORD (32-bit) Value.
- Type GPSvcDebugLevel, and then press Enter.
- Right-click GPSvcDebugLevel, and then select Modify.
- In the Value data box, type 30002 (Hexadecimal), and then select OK.
- Exit Registry Editor.
- In a command prompt window, run the gpupdate /force command, and then press Enter.
Then, view the Gpsvc.log file in the following folder: %windir%\debug\usermode
Note
If the usermode folder does not exist, create it under %windir%\debug. If the usermode folder does not exist under %WINDIR%\debug\, the gpsvc.log file will not be created.
Source:
Steven's Event Log 