The default logging levels for GPO processing in Windows 2000 are minimal. Applications donít log to the Event Viewer when they make registry changes Event Viewer. GPO processing logs some high-level events in the Event Viewer, but theyíre not a great deal of use if you run into problems. The following registry hacks will help allowing you to change from default to verbose logging.

RunDiagnosticLoggingGroupPolicy will turn GPO event logging to verbose.

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Name: RunDiagnosticLoggingGroupPolicy
Type: REG_DWORD
Value: 1
Note: After you make that change and restart the system, you will see a lot more information reported, especially during errors. In many cases, this will be enough to get the information you need.

RunDiagnosticLoggingApplicationDeployment will turn on verbose logging specifically for GPO application deployments.

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Name: RunDiagnosticLoggingApplicationDeployment
Type: REG_DWORD
Value: 1
Note: In the case of an administrator who is trying to deploy antivirus files or other apps via GPO, this key would definitely be helpful in improving logging.

RunDiagnosticLoggingGlobal will turn on verbose logging for all GPO processing events, including those listed above.

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Name: RunDiagnosticLoggingGlobal
Type: REG_DWORD
Value: 1
Note: As a catch-all it will log lots of events that may not have anything to do with your specific problem.

Beware that when you switch on verbose logging modes with these values, your Event Viewer logs will fill up quickly. Youíll need to review the settings for the Event Viewer logs to ensure that everything you need is being logged and that you donít lose or overwrite any part of the logs you may need to keep for reference, security, and/or legal reasons.