Article ID: 277675 - View products that this article applies to.
This article was previously published under Q277675
This article has been archived. It is offered "as is" and will no longer be updated.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/ )Description of the Microsoft Windows registry
If you have problems after you use the Local Security Authority (LSA) API to apply changes to the Default Domain group policy or Default Domain Controller group policy setting, or the local security policy on non-domain controller computers, you can enable debug logging to help determine what problems the API is having. Logging will start after the system is restarted.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Use Registry Editor (Regedt32.exe) to view the following registry key:
Add the following registry value to the preceding registry key:
Value Name: PolicyDebugLevelNote: The log file is generated in the %SystemRoot%\Security\Logs\Scepol.log file when LSA APIs are called. Scepol.log defaults to 1MB in size. To increase the maximum size, add the following registry value to the preceding registry key:
Data Type: REG_DWORD
Value: 2 (0 - no logging, 1 - errors only, 2 - verbose)
Value Name: PolicyLogSize
Data Type: REG_DWORD
Value: 1024 (in Kb, the minimum value is 1024 (1MB); if it is less than this, the value is ignored)
Article ID: 277675 - Last Review: November 2, 2013 - Revision: 8.0