How to collect Local Security Authority API logging for troubleshooting

View products that this article applies to.

Summary

If you have problems after you use the Local Security Authority (LSA) API to apply changes to the Default Domain group policy setting, the Default Domain Controller group policy setting, or the local security policy on non-domain controller computers, you can enable debug logging to help determine what problems the API is having. Logging will start after the system is restarted.

↑ Back to the top

More information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Use Registry Editor (Regedt32.exe) to view the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit

Add the following registry value to the preceding registry key:

Value Name: PolicyDebugLevel
Data Type: REG_DWORD
Radix: Decimal
Value: 2 (0 - no logging, 1 - errors only, 2 - verbose)

Note: The log file is generated in the %SystemRoot%\Security\Logs\Scepol.log file when LSA APIs are called. Scepol.log defaults to 1MB in size. To increase the maximum size, add the following registry value to the preceding registry key:

Value Name: PolicyLogSize
Data Type: REG_DWORD
Radix: Decimal
Value: 1024 (in Kb, the minimum value is 1024 (1MB); if it is less than this, the value is ignored)

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: KB277675, kbhowto, kbenv

↑ Back to the top

Article Info

Article ID	:	277675
Revision	:	9
Created on	:	3/1/2007
Published on	:	3/1/2007
Exists online	:	False
Views	:	573

Microsoft KB Archive Search

How to collect Local Security Authority API logging for troubleshooting

Summary

More information

Applies to: