Thursday, 20 March 2014

No winlogon.log file

After fresh installation of Windows Server domain controller you could see that you have no winlogon.log file which is useful to debugging AD gpo's.

For example when you need to troubleshot SceCli events.Event ID 1202 tells you to use:

FIND /I "Cannot find"  %SYSTEMROOT%\Security\Logs\winlogon.log

 But, hey! There are no winlogon.log file!
This is by design :).

 To create it, go to regedit and track following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Click the key ExtensionDebugLevel and enter 2 as a Data.

 After refreshing AD policies with gpupdate you should see your winlogon.log file

Posted by at
Labels: , , , ,

6 comments:

  1. Bella7326 March 2015 at 08:09

    This posting helped me. Thank you!

    ReplyDelete
  2. Anonymous19 October 2015 at 06:28

    thanks thanks!!

    ReplyDelete
  3. Anonymous12 January 2016 at 06:55

    Thank you..... why would "they" leave that out on purpose?

    ReplyDelete
  4. Anonymous15 May 2017 at 09:01

    Thank you!!

    ReplyDelete
  5. Anonymous2 August 2017 at 21:22

    You're a legend, thanks so much! It was so annoying trying to follow the event log troubleshooting process and not having a winlogon file!!

    ReplyDelete
  6. Mueeid Soomro21 September 2017 at 19:28

    This type of versatility is what makes Nagios one of the most popular and user friendly monitoring application that there is out there. It can be used to effectively monitor anything. Personally, I love it. It has no equal!
    seo log analyzer

    ReplyDelete

Subscribe to: Post Comments (Atom)