Have a problem that occurs when you log on? Wonder if that Group Policy settings are being properly applied? Got a logon script that keeps crashing? Turn on debug logging for Windows logon events to find out what is going on.
This solution applies to:
I have not tested Windows 7 and Windows Vista with this solution.
The process entails creating or changing a specific registry key on the target computer you are troubleshooting, and setting the key to a data value that both creates a log file for the user’s environment and writes debug-level output of the logon process. Once this value is set, the user needs to log out and log back in. This log file is not user-specific and logs all logon-related actions the computer takes during the logon process and everything the user does once logged in.
WARNING!
This procedure involves making changes to the Windows registry which can result in an inoperable computer. Back up your registry before attempting this procedure.
Here are the steps:
This causes Windows to create the following file:
%SYSTEMROOT%\Debug\UserMode\userenv.log
(typically C:\WINDOWS\Debug\UserMode\userenv.log)
The userenv.log file will contain debug output at the maximum verbosity–it will show every user action and every action of the system during logon. It does NOT log keystrokes, but it does show which applications were launched. This file is renamed to automatically by Windows when it reaches 1MB, at which point it is rolled over to userenv.bak and a new file is created.
This log file is useful in troubleshooting the following problems:
The Userenv.log file will contain numerous messages. Typically, you’re looking for messages with “failed” or “error” in them.
Each line in the log file is formatted as follows:
USERENV(process.code) HH:MM:SS:mmm ProcessName: Message/Statement
Note that no date is displayed. Below is a copy of sample output from a real log file.
USERENV(2dc.2e0) 00:53:00:296 InitializePolicyProcessing: Initialised Machine Mutex/Events USERENV(2dc.2e0) 00:53:00:296 InitializePolicyProcessing: Initialised User Mutex/Events USERENV(2dc.2e0) 00:53:00:296 LibMain: Process Name: \??\C:\WINDOWS\system32\winlogon.exe USERENV(2dc.2e0) 00:53:00:609 Entering CUserProfile::Initialize ... USERENV(2dc.2e0) 00:53:00:609 CUserProfile::Initialize called by winlogon
Here’s the link to Microsoft’s website where the list of possible errors, messages and troubleshooting steps are located.