A great post on troubleshooting Group Policy using event logs: http://technet.microsoft.com/en-us/library/cc749336(v=ws.10).aspx
I can’t remember where I copied the rest of these steps, but I refer to them quite often:
Collect GPMC log
1. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console. If the GPMC snap-in is not installed.
2. Right click on “Group Policy Result” and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard)
3. Right click the resulting group policy result and click the “Save Report…” => save report and upload it to the link I provided.
Collect gpresult output
1. Run the command gpresult /v >C:\gpresult.txt.
2. Upload the C:\gpresult.txt to the above link.
Collect Userenv.log
Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Entry: UserEnvDebugLevel
Type: REG_DWORD
Value data: 0x00030002 (Hexadecimal)
After the issue reoccurs, find and upload %windir%\Debug\UserMode\Userenv.log file.
Collect fdeploy.log
Subkey: Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Entry: FdeployDebugLevel
Type: REG_DWORD
Value data: 0x0000000F (Hexadecimal)
The log file can be found at: %Systemroot%\debug\usermode\fdeploy.log.
