GPLogView.exe is a command-line troubleshooting tool that dumps Group Policy–related events logged in the System Event Log channel and the Group Policy Operational Event Log channel. GPLogView.exe works only on Windows Vista. It is not included with Windows Vista, but it is available as a free download. The command-line options for this tool are:
-? Shows this usage message.
-o [output file name] Output filename required for text, xml, or html; not valid if -m is specified.
-n Do not output the activity ID.
-p Dump the process ID and thread ID associated with each event.
-a [activity id guid] Shows only events matching the given activity ID.
-m Runs the tool in monitor mode displaying events in real time.
-x Dumps the event in XML; the only other options allowed with this option are -m and -a but not both together.
-h Dumps the events in HTML format; -m or -x option not allowed, and -a and -n are allowed, but not both together. Also must specify -o option.
-q [Query file name] Uses the query specified by query file.
-l [Publisher name] If -q is specified, the publisher name must be specified.
The following examples illustrate the use of this tool:
GPLogView.exe -o GPEvents.txt
GPLogView.exe -n -o GPEvents.txt
GPLogView.exe -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.txt
GPLogView.exe -p -o GPEvents.txt
GPLogView.exe -x -o GPEvents.xml
GPLogView.exe -x -m
GPLogView.exe -x -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.xml
GPLogView.exe -h -o GPEvents.html
GPLogView.exe -h -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.html
GPLogView.exe -h -q somequeryFile.txt -l Microsoft-Windows-GroupPolicy -o GPEvents.html
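
The option list above carries several combination rules (-o versus -m, -x with -m or -a, -h with -a or -n, -q with -l). The following PowerShell helper is an added example, not part of GPLogView.exe or its documentation: it checks those rules before building the argument list. The function name Get-GPLogViewArgs and its parameter names are hypothetical, and the rules are read from the option text as written, with -o treated as permitted alongside -x because the examples above use it.

```powershell
# Added example: hypothetical helper, not shipped with GPLogView.exe.
# Validates the option combinations listed above and returns the argument array.
function Get-GPLogViewArgs {
    [CmdletBinding()]
    param(
        [ValidateSet('Text', 'Xml', 'Html')] [string] $Format = 'Text',
        [string] $OutputFile,
        [guid]   $ActivityId = [guid]::Empty,   # typed as GUID so malformed IDs fail early
        [switch] $Monitor,
        [switch] $NoActivityId,
        [switch] $ProcessInfo,
        [string] $QueryFile,
        [string] $Publisher
    )
    $hasActivity = $ActivityId -ne [guid]::Empty
    $hasOutput   = -not [string]::IsNullOrEmpty($OutputFile)

    # -o is required for text, xml, or html output, and not valid with -m.
    if ($Monitor -and $hasOutput)           { throw '-o is not valid when -m is specified.' }
    if (-not $Monitor -and -not $hasOutput) { throw '-o is required unless -m is specified.' }
    # -q needs a publisher name via -l.
    if ($QueryFile -and -not $Publisher)    { throw '-q requires -l [Publisher name].' }

    switch ($Format) {
        'Xml' {
            if ($NoActivityId -or $ProcessInfo) { throw '-x allows only -m or -a as extra options.' }
            if ($Monitor -and $hasActivity)     { throw '-x allows -m or -a, but not both together.' }
        }
        'Html' {
            if ($Monitor)                        { throw '-m is not allowed with -h.' }
            if ($hasActivity -and $NoActivityId) { throw '-h allows -a or -n, but not both together.' }
        }
    }

    $argList = @()
    if ($Format -eq 'Xml')  { $argList += '-x' }
    if ($Format -eq 'Html') { $argList += '-h' }
    if ($NoActivityId)      { $argList += '-n' }
    if ($ProcessInfo)       { $argList += '-p' }
    if ($hasActivity)       { $argList += '-a', $ActivityId.ToString() }
    if ($Monitor)           { $argList += '-m' }
    if ($QueryFile)         { $argList += '-q', $QueryFile, '-l', $Publisher }
    if ($hasOutput)         { $argList += '-o', $OutputFile }
    return , $argList
}

# Usage (run from the folder holding GPLogView.exe):
#   $a = Get-GPLogViewArgs -Format Html -ActivityId 'ea276341-d646-43e0-866c-e7cc35aecc0a' -OutputFile GPEvents.html
#   & .\GPLogView.exe @a
```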