Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to collect Local Security Authority API logging for troubleshooting


View products that this article applies to.

Summary

If you have problems after you use the Local Security Authority (LSA) API to apply changes to the Default Domain group policy setting, the Default Domain Controller group policy setting, or the local security policy on non-domain controller computers, you can enable debug logging to help determine what problems the API is having. Logging will start after the system is restarted.

↑ Back to the top


More information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Use Registry Editor (Regedt32.exe) to view the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit
Add the following registry value to the preceding registry key:
Value Name: PolicyDebugLevel
Data Type: REG_DWORD
Radix: Decimal
Value: 2 (0 - no logging, 1 - errors only, 2 - verbose)
Note: The log file is generated in the %SystemRoot%\Security\Logs\Scepol.log file when LSA APIs are called. Scepol.log defaults to 1MB in size. To increase the maximum size, add the following registry value to the preceding registry key:
Value Name: PolicyLogSize
Data Type: REG_DWORD
Radix: Decimal
Value: 1024 (in Kb, the minimum value is 1024 (1MB); if it is less than this, the value is ignored)

↑ Back to the top


Keywords: KB277675, kbhowto, kbenv

↑ Back to the top

Article Info
Article ID : 277675
Revision : 9
Created on : 3/1/2007
Published on : 3/1/2007
Exists online : False
Views : 305