Thursday 9 September 2010

Group Policy Troubleshooting

Windows 7/2008 has a dedicated Event Viewer log for Group Policy, which contains only Group Policy events.
If you click on the Details tab for one of these events and expand the System section, you will see an Activity ID. An activity is something that may trigger several different events. For example, a Group Policy processing refresh is a single activity, so by filtering on its Activity ID you can get all of the events associated with that activity.
Within a single Activity ID you will then see events for each of the GPOs that were processed.
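
The Activity ID filter described above can also be run from PowerShell. This is an added example, not part of the original post: the function name Get-GpActivityEvents is hypothetical, and the log name Microsoft-Windows-GroupPolicy/Operational is not stated on this page.

```powershell
# Added example (not from the original post). The log name is not stated
# on the page; Get-GpActivityEvents is a hypothetical helper name.
$GpLog = 'Microsoft-Windows-GroupPolicy/Operational'

function Get-GpActivityEvents {
    param(
        # Activity ID copied from an event's Details tab. If omitted, the
        # Activity ID of the newest correlated event in the log is used.
        [Guid]$ActivityId
    )

    if (-not $PSBoundParameters.ContainsKey('ActivityId')) {
        $latest = Get-WinEvent -LogName $GpLog -MaxEvents 50 |
            Where-Object { $_.ActivityId } |
            Select-Object -First 1
        if (-not $latest) { throw "No events with an Activity ID found in $GpLog" }
        $ActivityId = $latest.ActivityId
    }

    # Event XML holds the GUID in braces: <Correlation ActivityID="{...}" />
    $id    = $ActivityId.ToString('B').ToUpper()
    $xpath = "*[System/Correlation/@ActivityID='$id']"

    # -Oldest returns the events in the order they were logged.
    Get-WinEvent -LogName $GpLog -FilterXPath $xpath -Oldest
}

$events = @(Get-GpActivityEvents)

# Timeline of the whole activity, one row per event.
$events | Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap

# Level 2 = Error, 3 = Warning: the events worth reading first.
$problems = @($events | Where-Object { $_.Level -eq 2 -or $_.Level -eq 3 })
"{0} events in activity, {1} warnings/errors" -f $events.Count, $problems.Count
```

To inspect a specific refresh, pass the GUID shown in Event Viewer: `Get-GpActivityEvents -ActivityId '<GUID from the Details tab>'`.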

If this is not enough information, you can create log files of all of the GPO processing information.
In the following example I'll set up logging of just group policy preference registry settings:

  • Open up local group policy on a machine (this does not appear to feature in domain GPOs).
  • Navigate to Computer Configuration - System - Group Policy - Logging.
  • Double-click the "Configure Registry preference logging and tracing" setting.
Here you can define whether you want informational, warning or error messages (or all three), where the trace files will be kept and their maximum size. Remember, though, that the folder path to the trace files is not created automatically, so you need to ensure that the specified folder structure exists for anything to be captured.

Once configured, all GPO activity relating to the registry part of GPP will be logged.

From this log file it is easy to see details such as when WMI filters apply or get ignored.

For instance, you will see something like this when a WMI filter is passed:
Starting filter [AND FilterWmi].
Adding child elements to RSOP.
Passed filter [FilterWmi].
Filters passed.

If it fails you'll instead see:
Starting filter [AND FilterWmi].
Adding child elements to RSOP.
Failed filter [FilterWmi].
Filters not passed.
