Event Viewer

From GPO.wiki
Jump to: navigation, search

The Event Viewer (or eventvwr.msc) is a MMC snap-in to search for and analyse reports or message from applications, services and other components of the client.

Open the Event Viewer

  • Clicking Start and then Event Viewer
  • Opening the run dialog and enter eventvwr.msc
  • Starting the Microsoft Management Console and adding the snap-in Event Viewer
Event Viewer running under Windows Server 2012 R2

Working with the Event Viewer

To view issues regarding group policies, connect to the client having trouble (if it is not the local computer) and open Windows Logs->Applications.

The list will contain all event from applications and OS components.

To search for group policy related events, click "Filter Current Log" in the actions bar on the right side. This will open a new dialog. Here you can search for words, event ids, etc, if you know exactly what you are searching for. To find all events, click "Event Sources" and select all entries starting with "Group Policy" (Group Policy Files, Group Policy Printers, etc).

If you found an event, click on it and the details will appear in the details panel below. The text might give you a hint on what is not working properly.

Example

You have set up a Files policy for a computer which will copy a file from a network share to your client. In the Event Viewer is an entry with the following values:

Log Name: Application
Source Group Policy Files
Event ID 4098
Level Warning

These information just tell you that something did not working correctly with a files policy.

The text will tell you:

The computer 'file.extension' preference item in the 'File {01234567-890A-BCDE-F0123-4567890ABCDE}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

This will help to troubleshoot the GPO issues:

  • There is a file 'file.extension', which has to be copied
  • It is setup in the GPO 'File' with the unique ID '{01234567-890A-BCDE-F0123-4567890ABCDE}'
  • The copy command did not complete because the file does not exists or cannot be found

In this case, the GPO 'File' should be reviewed and checked if the file file.extension exists and that the user or the client has access to it.