Understanding How to Read a Userenv Log – Part 1
?????? ???. ???? ??? ?? ??(Mark)???. ??? Userenv ??? ????? ?? ??? ??? ?? ??? ??? ??? ?? ??? ????? ???? ?? ??? ?? ?? ????? ?? ??? ?????. ?? ????? ??? ????? ??? ??? ??? ???. ??? ?? ?? ??? ????? ?? ??? ?? ???? ??? ????? ?????? ??? ????? ???? ???. ???? ??? 2???? ?? ??? ???? ??? ???? ???? ???? ??? ???? ?????. ?? ???? ??? ????? ??.
???, Userenv ??? ?????? ??? "User Environment"? ??????. ?? ??? ??? ????? ? ???? ??? KB ??? ???? ???.
221833 How to enable user environment debug logging in retail builds of Windows
https://support.microsoft.com/kb/221833
?? : ? ??? Userenv ??? Windows Vista? Windows Server 2008??? ???? ????. Windows 2000, 2003 ?? XP??? ?????.
??? ????? Regedit? ?? ??? ????.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
UserEnvDebugLevel? REG_DWORD? ??? 16??? 0x10002 ?? ?????. ? ?? ????? ???? ????.
??? %SystemRoot%\Debug\UserMode ??? Userenv.log ??? ?? ??? ????. (????? ??? ???? ???? ????) ?? Userenv.log ??? 300KB?? ????, ??? Userenv.bak? ????, ??? Userenv.log ??? ??????. ? ??? ???? ??? ?????? ??? ???? ?????, Winlogon ????? ??? ? ?????. ??? ???? ??? ? ?? ??? ???? ???, Userenv.log ??? 300KB? ?? ?? ????. ?? .log? .bak ??? ?? ??? ?? ??? ??? ??? ??? ?? ? ? ????. ???? ???? ??? ??? ???, ????? ???? ?? ?????.
Userenv ??? ???? ??? ????, ?? ???? ?? ?? ?? ??? ????, ???? ??? ??? ?? ?? ??? ???? ???. ?? ??? 300KB ??? ?? ? ?? ??? ???, Userenv.bak ??? ?????? ???? Winlogon? Userenv.log? Userenv.bak? ??? ? ???, Userenv.log? ???? ??? ?? ???. ? ??? ????? ?????, Userenv.log ? ??? ????? ? ??? ??? ???? ?? ?????. ?? ?? ????? ??? ?? ?? ?? ??? ?????.
?? ???? ????? ???? ???? ??, Userenv ??? ??, ??? ?? ??? ?????.
USERENV(78c.790) 22:00:04:218 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
or
USERENV(78c.790) 22:00:04:546 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
Network Service? Local Service? ????? ?? ?? ?????. ? ??? ?? ????? ???? ???? ????? ????? ?? ??? ???? ??? ???. ???? ??? ?? ?? ? ? ????.
USERENV(78c.790) 22:00:04:515 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
??? ???? ??? ? ??? ?????? ??? ??? ????. Network Service(S-1-5-20) ?? the Local Service(S-1-5-19) ? ??? SID(Security Identifier)? ??? ??? ? ??? SID? ??? ??? ?????. ? ??? SID? ??? ??? ????.
243330 Well-known security identifiers in Windows operating systems
https://support.microsoft.com/kb/243330
??? ??? ???? ??? ???? ???? ???? ?? ????. ??? ??? ???? ???. ???? ?????? ?? ???? ????? ??? ??? ?? ?? ? ????.
USERENV(750.280) 22:00:43:203 ProcessGPOs: Starting computer Group Policy (Background) processing...
??? ???? ????? ????? ?? ?????. ??? ?? ???? ??? ???? ??? ??? ?? ????. ?? ??? ??? ????? ???? ??? ?? ???? ??? ???? ???. ??? ?? ICMP? ???? ???? DC? ?? ???? ??, ???? ???? ???, ??? ???? ?? ??? ? ????.
USERENV(750.280) 22:00:43:203 PingComputer: PingBufferSize set as 2048
USERENV(750.280) 22:00:43:203 PingComputer: Adapter speed 100000000 bps
USERENV(750.280) 22:00:43:203 PingComputer: First time: 0
USERENV(750.280) 22:00:43:203 PingComputer: Fast link. Exiting.
???? ? ??? ??? Active Directory? ??? ???? ???.
USERENV(750.280) 22:00:53:953 ProcessGPOs: User name is: CN=Machine,OU=Workstations,OU=TX,OU=USA,DC=Domain,DC=com, Domain name is: Domain
USERENV(750.280) 22:00:53:953 ProcessGPOs: Domain controller is: \\DC1.DOMAIN.COM Domain DN is DOMAIN.COM
??? ??? LDAP ??? ???? ?? ?????. ??? ???? OU ???? ??? ??? ? ????. ?? ?? DC? ??? ???? ?? ????? ??? ???.
???? ????? ?? ????? {} ??? ?? GUID? ??? ?????.
USERENV(750.280) 22:00:53:968 ReadExtStatus: Reading Previous Status for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
OU ??, ??? ??, ?? ??? ??? ??? ??? ??? ?????. ???? ???? ??? OU?? ????? ?? ???? ????? ??? ??? ??? ? ?? ?? ??? ?????.
USERENV(750.280) 22:00:54:000 GetGPOInfo: Server connection established.
USERENV(750.280) 22:00:54:031 GetGPOInfo: Bound successfully.
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching <OU=Workstations,OU=TX,OU=USA,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: No GPO(s) for this object.
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching < OU=TX,OU=USA,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s): <[LDAP://CN={Policy GUID},CN=Policies,CN=System, DC=Domain,DC=com;0]>
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching < OU=USA,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching < DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching <CN=MYSite,CN=Sites,CN=Configuration, DC=Domain,DC=com >
? ??? ?? ???? ??? ??? ?? ?? ???.
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s):
GPO? ???? ???? ??? ?? OU/???/???? ?????. ??? ??? ?? ??? ?? ? ????.
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s): <[LDAP://CN={Policy GUID},CN=Policies,CN=System, DC=Domain,DC=com;0]>
???? 0? ???, ??? ?????, 1? ??? ?? OU/??? ?? ??? ??? ??????? ????? ??? ??? ??? ?????. ?? ?? 2? ???? "Enforced"??? ??? "No Override" ? ??? ??? ?? ?????. "No Override"? ??? ?? 2?? ??? GPO? ?? ????? ?? ?? ??? ???, ??? no override ? ???? ?????? ??? ???? ?? ?????. ?? ??? OU/??? ???? "No Override" ?? "Enforced"? ???? OU ???? ?? ??? ????, ?? ??? "No Override"? ??? ?????. ?? "No Override" ?? "Enforce"? ??? ?????? ??? ???? ?? ?? ? ????.
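The SearchDSObject lines above walk from the computer's own OU up to the domain and then the site, and each `Found GPO(s)` entry ends in the link option number (0, 1 or 2) the preceding paragraph explains. The following is an added example, not code from the original post: it parses that excerpt and works out the order in which the client processes the linked GPOs, so that the precedence rules (closest container wins, enforced links beat everything below them, disabled links are skipped) can be checked against a log. The GUIDs and the enforced domain link in the sample are constructed. It treats the option number as bit flags, which follows the gPLink attribute format (so a 3 would be disabled and enforced), and it assumes the log lists a container's links in gPLink order, first entry having the highest link order; both points go beyond what the post itself states.

```python
import re
from typing import List, Tuple

# Option bits appended to each gPLink entry (";N"). The post explains 0, 1 and 2;
# treating them as flags follows the gPLink format (assumption, see lead-in).
GPLINK_OPT_DISABLED = 0x1
GPLINK_OPT_ENFORCED = 0x2

GPLINK_ENTRY = re.compile(r"\[(LDAP://[^;\]]+);(\d+)\]")
SEARCH_RE = re.compile(r"SearchDSObject: Searching <\s*(.+?)\s*>")
FOUND_RE = re.compile(r"SearchDSObject: Found GPO\(s\):\s*<(.*)>")

# Constructed sample modelled on the Userenv.log excerpt; GUIDs are made up.
SAMPLE_LOG = """\
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching <OU=Workstations,OU=TX,OU=USA,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: No GPO(s) for this object.
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching < OU=TX,OU=USA,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s): <[LDAP://CN={11111111-1111-1111-1111-111111111111},CN=Policies,CN=System,DC=Domain,DC=com;0]>
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching < OU=USA,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s): <[LDAP://CN={22222222-2222-2222-2222-222222222222},CN=Policies,CN=System,DC=Domain,DC=com;1]>
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching < DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s): <[LDAP://CN={33333333-3333-3333-3333-333333333333},CN=Policies,CN=System,DC=Domain,DC=com;2][LDAP://CN={44444444-4444-4444-4444-444444444444},CN=Policies,CN=System,DC=Domain,DC=com;0]>
USERENV(750.280) 22:00:54:046 SearchDSObject: Searching <CN=MYSite,CN=Sites,CN=Configuration,DC=Domain,DC=com >
USERENV(750.280) 22:00:54:046 SearchDSObject: Found GPO(s): <[LDAP://CN={55555555-5555-5555-5555-555555555555},CN=Policies,CN=System,DC=Domain,DC=com;0]>
"""


def parse_search(log_text: str) -> List[Tuple[str, List[Tuple[str, int]]]]:
    """Return [(container_dn, [(gpo_dn, options), ...]), ...] in log order.

    Userenv searches the deepest OU first, then its parents, then the domain
    and finally the site, so the list runs from child OU up to site."""
    containers: List[Tuple[str, List[Tuple[str, int]]]] = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            containers.append((m.group(1), []))
            continue
        m = FOUND_RE.search(line)
        if m and containers:
            containers[-1][1].extend(
                (dn, int(opt)) for dn, opt in GPLINK_ENTRY.findall(m.group(1)))
    return containers


def describe_options(options: int) -> str:
    """Human-readable meaning of a link's option number."""
    parts = []
    if options & GPLINK_OPT_DISABLED:
        parts.append("link disabled")
    if options & GPLINK_OPT_ENFORCED:
        parts.append("enforced (No Override)")
    return ", ".join(parts) or "normal link"


def processing_order(containers):
    """Order in which the client processes the linked GPOs; the GPO processed
    last wins a conflicting setting.

    Non-enforced links go site -> domain -> parent OU -> child OU (the reverse
    of the search order), so the container closest to the computer wins.
    Enforced links are processed after all of those, child OU first and site
    last, so an enforced link higher up beats an enforced link below it.
    Disabled links are skipped."""
    apply_order = list(reversed(containers))      # site, domain, OUs top-down
    normal, enforced = [], []
    for container_dn, links in apply_order:
        # Assumption: links are listed in gPLink order, first = highest link
        # order within the container, so it must be processed last.
        for gpo_dn, opt in reversed(links):
            if opt & GPLINK_OPT_DISABLED:
                continue
            target = enforced if opt & GPLINK_OPT_ENFORCED else normal
            target.append((gpo_dn, container_dn, opt))
    return normal + list(reversed(enforced))


if __name__ == "__main__":
    for gpo_dn, container_dn, opt in processing_order(parse_search(SAMPLE_LOG)):
        print(f"{gpo_dn.split(',')[0]:<56} linked at {container_dn} ({describe_options(opt)})")
```

On the sample, the enforced GPO linked at the domain is processed last and therefore overrides the normal link at OU=TX even though OU=TX is closer to the computer, and the GPO whose link is disabled at OU=USA never appears at all.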
?? ??? ??? ???? ??? ?????.
USERENV(750.280) 22:00:54:093 ProcessGPO: Searching <CN={GPO GUID},CN=Policies,CN=System, DC=Domain,DC=com >
?? ??? AD? ?? ??? ??? ????? ???.
USERENV(750.280) 22:00:54:093 ProcessGPO: Machine has access to this GPO.
?? ???? ??? ???? ??? ?????, ??? ??? ? ?? ??? ??? ? ??? ??? ??? ????.
USERENV(750.280) 22:00:54:109 FilterCheck: Found WMI Filter id of: <[DOMAIN.COM;{Policy GUID};0]>
?? ??? ??? WMI ??? ??? ??? ??? ? ???? ????? ??? ???? ???. WMI ??? ??? ???? ?? WMI ??? ? ? ????. ?? GPMC? ????? ??? ?? ?? ??? ?? ???? ?? ? ????.
USERENV(750.280) 22:00:54:093 ProcessGPO: GPO passes the filter check.
or
USERENV(750.280) 22:00:55:250 ProcessGPO: The GPO does not pass the filter check and so will not be applied.
USERENV(750.280) 22:00:54:093 ProcessGPO: Found functionality version of: 2
?? ??? ??? ???? Windows 2000 ??? ?????? 2? ??? ???.
USERENV(750.280) 22:00:54:093 ProcessGPO: Found file system path of: \\DOMAIN.com\SysVol\DOMAIN.com\Policies\{GPO GUID}
?? ?? DC? ?? ???? ?? ??? ?????.
USERENV(750.280) 22:00:54:109 ProcessGPO: Found common name of: <{GPO GUID}>
USERENV(750.280) 22:00:54:109 ProcessGPO: Found display name of: <MY Domain Policy>
USERENV(750.280) 22:00:54:109 ProcessGPO: Found machine version of: GPC is 77, GPT is 77
GPC(Group Policy Container)? GPT(Group Policy Template)? ?? ??? ?????. ??? ????? ??? ?? ?????? ???? ??? ?? ??? ?????. ?? ?? ??? ??? AD ?? ?? ?? ?? ?? ??? ??? ?? ???.
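The `Found machine version of: GPC is 77, GPT is 77` line is where a reader checks that the Group Policy Container in Active Directory and the Group Policy Template in SYSVOL agree. As an added example that is not part of the original post, the code below pulls every such line out of a log excerpt, pairs it with the preceding display name, and flags any GPO whose two halves differ. It also decodes the raw version number that the GPC `versionNumber` attribute and the GPT.INI `Version` value carry (user version in the high 16 bits, machine version in the low 16 bits), which goes beyond the log line, where Userenv has already separated out the machine half. The second GPO in the sample, with a mismatch, is constructed.

```python
import re
from typing import List, Optional, Tuple

VERSION_RE = re.compile(r"Found (machine|user) version of: GPC is (\d+), GPT is (\d+)")
DISPLAY_RE = re.compile(r"Found display name of: <(.*)>")

# Constructed sample: the first GPO is taken from the Userenv.log excerpt,
# the second is made up to show a GPC/GPT mismatch.
SAMPLE_LOG = """\
USERENV(750.280) 22:00:54:109 ProcessGPO: Found common name of: <{GPO GUID}>
USERENV(750.280) 22:00:54:109 ProcessGPO: Found display name of: <MY Domain Policy>
USERENV(750.280) 22:00:54:109 ProcessGPO: Found machine version of: GPC is 77, GPT is 77
USERENV(750.280) 22:00:55:000 ProcessGPO: Found display name of: <Constructed Lagging Policy>
USERENV(750.280) 22:00:55:000 ProcessGPO: Found machine version of: GPC is 80, GPT is 79
"""


def split_version_number(version_number: int) -> Tuple[int, int]:
    """Split a raw GPC versionNumber / GPT.INI Version into
    (user_version, machine_version): user in the high 16 bits, machine low."""
    return version_number >> 16, version_number & 0xFFFF


def check_gpo_versions(log_text: str) -> List[Tuple[Optional[str], str, int, int, bool]]:
    """Return (display_name, side, gpc, gpt, in_sync) for each version line.

    GPC != GPT means AD and SYSVOL disagree about the policy, which usually
    points at replication lag or a replication failure between DCs."""
    results = []
    display_name: Optional[str] = None
    for line in log_text.splitlines():
        m = DISPLAY_RE.search(line)
        if m:
            display_name = m.group(1)      # remembered for the version line that follows
            continue
        m = VERSION_RE.search(line)
        if m:
            side, gpc, gpt = m.group(1), int(m.group(2)), int(m.group(3))
            results.append((display_name, side, gpc, gpt, gpc == gpt))
    return results


def out_of_sync(log_text: str) -> List[str]:
    """Display names of GPOs whose GPC and GPT versions differ."""
    return [name or "<unknown>" for name, _, _, _, ok in check_gpo_versions(log_text) if not ok]


if __name__ == "__main__":
    for name, side, gpc, gpt, ok in check_gpo_versions(SAMPLE_LOG):
        print(f"{name}: {side} GPC={gpc} GPT={gpt} {'ok' if ok else 'MISMATCH'}")
    print("user/machine of 0x004D004D:", split_version_number(0x004D004D))
```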
USERENV(750.280) 22:00:54:109 ProcessGPO: Found flags of: 0
USERENV(750.280) 22:00:54:109 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
?? ??? CSE(client-side extensions)? ???? ???? ???? ?? ????. ??? CSE? ?????.
216357 Identifying Group Policy Client-Side Extensions
https://support.microsoft.com/kb/216357
943729 Information about new Group Policy preferences in Windows Server 2008
https://support.microsoft.com/kb/943729
?? ?????, ??? ??, ?? ?? ?? ??? ?? ???? CSE? ??? ?????. ?? ?? ??? ???? ???? ? ??? ???? ???.
USERENV(750.280) 22:00:56:359 ProcessGPOs: Processing extension Folder Redirection
USERENV(750.280) 22:00:56:359 CompareGPOLists: The lists are the same.
USERENV(750.280) 22:00:56:359 CheckGPOs: No GPO changes but couldn't read extension Folder Redirection's status or policy time.
USERENV(750.280) 22:00:56:359 ProcessGPOs: Extension Folder Redirection skipped with flags 0x7.
??? ?? ??? ????? ?? ?? ??????.
USERENV(750.280) 22:00:56:390 SetFgRefreshInfo: Previous Machine Fg policy Synchronous, Reason: SyncPolicy.
USERENV(750.280) 22:00:56:390 SetFgRefreshInfo: Next Machine Fg policy Synchronous, Reason: SyncPolicy.
USERENV(750.280) 22:00:56:390 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(750.280) 22:00:56:390 LeaveCriticalPolicySection: Critical section 0x6d0 has been released.
USERENV(750.280) 22:00:56:390 ProcessGPOs: Computer Group Policy has been applied.
USERENV(750.280) 22:00:56:390 ProcessGPOs: Leaving with 1.
USERENV(750.280) 22:00:56:390 ApplyGroupPolicy: Leaving successfully.
USERENV(750.860) 22:00:56:640 GPOThread: Next refresh will happen in 115 minutes
??? ?? ????? ??? ???? ?? ??? ??? ?? ???? 115??? ???? ????? ?????.
??? ????? ?? ?? ???? ?? ?????, ??? ??? Microsoft ???? ???? ?? ?? ??? ???? Userenv ??? ??? ??? ??? ??? ????.
USERENV(6e4.6d4) 22:00:56:890 GetUserNameAndDomain Failed to impersonate user
USERENV(6e4.6d4) 22:00:56:890 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
?? ?????? ???? ?? ??? ?? ?? ??? ???? ??? ?? ?????.
USERENV(750.280)?, ??? ??? 750?, PID(process identifier)?? ??? ??? TID(thread identifier)???. ???? ?? ????? ?????. 750? 16??? ???? 10?? ??? ????. ??? ?? 1872? ????, ??? ????? PID???. ?? ???? ??, ?? - ?? ???? ?? PID ??? ??? ?? OK? ????. ??? ??? ??? ?? ??? PID? ???. PID? ???? ?? 1872? ??? ????? ??? ??? Userenv ??? ???? ???????. ? ???? 1872? Winlogon.exe???. ?? problem PID (6e4)? ?? ?? ?? ?? 1764? ?? ? ????. ?? ???? ?? ??? PID? ??? ??? ? ????.
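The paragraph above explains that the `750.280` in `USERENV(750.280)` is the process id and thread id in hexadecimal, so 750 must be converted to 1872 before it can be matched against Task Manager (Winlogon.exe here) and 6e4 to 1764. The following is an added example, not code from the original post: a small parser for the `USERENV(pid.tid) time Function: message` line format that performs that conversion, groups lines by process so the activity of Winlogon can be separated from another process, and reads the `Next refresh will happen in N minutes` line. The sample input is built from the log lines quoted in the post; the line without a colon after the function name (`GetUserNameAndDomain Failed to impersonate user`) is handled too.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# USERENV(<pid hex>.<tid hex>) HH:MM:SS:mmm Function[: ]message
LINE_RE = re.compile(
    r"^USERENV\((?P<pid>[0-9a-fA-F]+)\.(?P<tid>[0-9a-fA-F]+)\)\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<func>\w+):?\s*(?P<msg>.*)$")

# Constructed sample assembled from lines quoted in the post.
SAMPLE_LOG = """\
USERENV(78c.790) 22:00:04:218 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(78c.790) 22:00:04:546 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(750.280) 22:00:43:203 ProcessGPOs: Starting computer Group Policy (Background) processing...
USERENV(750.280) 22:00:56:390 ProcessGPOs: Computer Group Policy has been applied.
USERENV(750.860) 22:00:56:640 GPOThread: Next refresh will happen in 115 minutes
USERENV(6e4.6d4) 22:00:56:890 GetUserNameAndDomain Failed to impersonate user
USERENV(6e4.6d4) 22:00:56:890 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
"""


@dataclass
class UserenvLine:
    pid: int        # decimal, as Task Manager displays it
    tid: int        # decimal
    time: str
    func: str
    msg: str


def parse_line(line: str) -> Optional[UserenvLine]:
    """Parse one Userenv.log line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return UserenvLine(int(m["pid"], 16), int(m["tid"], 16), m["time"], m["func"], m["msg"])


def parse_log(text: str) -> List[UserenvLine]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def format_pid(hex_pid: str) -> str:
    """Show the conversion the post describes, e.g. '750 (hex) = 1872 (decimal)'."""
    return f"{hex_pid} (hex) = {int(hex_pid, 16)} (decimal)"


def lines_per_process(entries: List[UserenvLine]) -> Dict[int, int]:
    """How many log lines each process (decimal PID) wrote."""
    return dict(Counter(e.pid for e in entries))


def threads_of(entries: List[UserenvLine], pid: int) -> Set[int]:
    """Thread ids (decimal) seen for a given decimal PID."""
    return {e.tid for e in entries if e.pid == pid}


def next_refresh_minutes(entries: List[UserenvLine]) -> Optional[int]:
    """Minutes until the next Group Policy refresh, from the GPOThread line."""
    for e in entries:
        m = re.search(r"Next refresh will happen in (\d+) minutes", e.msg)
        if e.func == "GPOThread" and m:
            return int(m.group(1))
    return None


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(format_pid("750"), "|", format_pid("6e4"))
    for pid, count in lines_per_process(entries).items():
        print(f"PID {pid}: {count} lines, threads {sorted(threads_of(entries, pid))}")
    print("next refresh in", next_refresh_minutes(entries), "minutes")
```

Grouping by decimal PID is what makes the "problem" lines stand out: the two `NT Authority` lines come from PID 1764, not from Winlogon (PID 1872), so they can be matched against a process list taken at the same time.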
????? ????? ???? ??? ????? Userenv ??? ??? ??? ??? ???? ? ??? ???? ????. ??? ????? ?? 2?? ?????. ??, TechNet?? Userenv ?? ??? ???? ??? ?? ?? ??? ?? ? ????.
- Mark Ramey