Share via

Userenv 로그를 읽는 방법의 이해 - Part 2

  • Article

?? : Understanding How to Read a Userenv Log ? Part 2

https://blogs.technet.com/askds/archive/2008/11/11/understanding-how-to-read-a-userenv-log-part-2.aspx

?????? Userenv ??? ?? ??? ??? ??? ?????. Userenv ??? ??? ??? ?? ?? ???? ??? credential? ??? ?? ??? ?? ???? ?????. ????? ???? "??? ?? ?? ?"? ??? ??? ???? ???????. ? ??? ???? ??? ???? ?????. ????? ??-???? ?? ?? ????? ? ???, ???? ??? ??? ? ? ?? ?????. ?? ?? ???? ?? ???? ????. ?????? ???? ?? ??? ????? ????? ??? ????? ??? ???. ??? ?? ???? ??? ??? ???? ????? ??? ???? ?? ? ?? ???. ????? ??? ?? ?????. ?? ?? ???? ????? ??? ? ?? ??? ???? ??? ?????. ???? ???? ???? ?? ????? ????.

Userenv ??? ???? ?? ??? ??? ???? "??? ?? ???"? ????? ?? ???? ?? ??? ???. ???? ???? ??? ? ?? ???? ????? ???? ???? ??? alias? ?? ???? ?????.

USERENV(750.754) 22:01:02:796 LoadUserProfile: lpProfileInfo->lpUserName = <User1>

?? ??? ?? ??? ? ? ????.

USERENV(750.754) 22:01:02:796 LoadUserProfile: lpProfileInfo->lpDefaultPath = \\DC1\netlogon\Default User

????? ?? ?? ??? ???? ?? ??? ????? Netlogon ??? ?????. ??? NT 4.0 ???? ???? ???? ???? ????. ???? ??? ??? SID(Security Identifier)? ?????.

USERENV(750.754) 22:01:02:812 LoadUserProfile: User sid: S-1-5-<domain sid-rid>

?????? ???? ?????? ?? ????? ?????.

USERENV(750.754) 22:01:02:812 RestoreUserProfile: User is a Admin

??? ???? ???? ??? ??? ???? ??? ??? ???? ??? ?? ???? ?? ??? ?????.

USERENV(750.754) 22:01:02:812 ExtractProfileFromBackup: A profile already exists

USERENV(750.754) 22:01:02:812 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting

USERENV(750.754) 22:01:02:812 GetExistingLocalProfileImage: Found entry in profile list for existing local profile

USERENV(750.754) 22:01:02:812 GetExistingLocalProfileImage: Local profile image filename = <C:\Documents and Settings\user1>

USERENV(750.754) 22:01:02:812 GetExistingLocalProfileImage: Expanded local profile image filename = < C:\Documents and Settings \user1>

USERENV(750.754) 22:01:02:812 GetExistingLocalProfileImage: No local mandatory profile. Error = 2

USERENV(750.754) 22:01:02:812 GetExistingLocalProfileImage: Found local profile image file ok < C:\Documents and Settings \user1\ntuser.dat>

?? ???? ?? ???? ??? ??? ??? ??? ????

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

? ? ???? ? ???? ????? ??? ?????? ??? SID? ??? ?????. ProfileList? ???? AllUsersProfile, DefaultUserProfile, ??? ProfilesDirectory? ?? ?? ?? ? ???. ? ??? ???? ???? ?? ?? ????? ???? ???? ? ???? ???? ?? ???? ?? ???? ? ? ????. ? ??? ???? ??? ?? ???? SID? ?? ? ????. ??? ???? ProfileImagePath ?? ???. ??? ???? ??? ???? ??? ???? ??? ?????. ?? ?? ??? ??? ????? ?????. ?? ???? ???? ?? ????? ??? ?????. ?? ??? ???? ???? ??? ? ? ????? Ntuser.dat?? ??? ??? ? ? ??? ??? ???? ?? ?? ???. ?? Ntuser? .man ?? ??? ???? ???? ?? ?????. .dat ?? ???? error = 2?? ???, "???? ??? ??? ?? ? ????"?? ?????. ??? ??? ??? ????? ???? ?? ???? ??? ???? ??? ?? ?????? "net helpmsg 2"? ?????. ? ???? Ntuser.man ??? ?? ? ?? ?????. ??? ?? ????, ntuser.dat ??? ?????? ??? ??? Regedit? ?? ??????? ? ? ?? HKEY_CURRENT_USER ???. ??? ??? ??? ???? ????, ?? ???, ?????? ?? ?? ??? ?? ??? ???? ????????. ?? ???? ???? ??? ?? ?? ? ? ????.

USERENV(750.754) 22:01:02:874 LoadUserProfile: Leaving with a value of 1.

? 1? ????? ?? ?????. ??? ????? ??? ??? ??? ???? ????? ??? ????? ???? ???. ??? ??? Ntuser.dat ??? ????? HKEY_CURRENT_USER ? ??? ?? ?????. ???? ? ?? ??? ??? ?? ?? ?? ????? ???? ????.

USERENV(750.dec) 22:01:03:796 ProcessGPOs: Starting user Group Policy (Background) processing...

??? ??? ?? ?????, ???? LDAP ??? ???? ??? ?? ??? ???? ? ? ????.

USERENV(750.dec) 22:01:03:828 ProcessGPOs: User name is: CN=User1,OU=Users,OU=TX,OU=USA,DC=Domain,DC=com, Domain name is: Domain

USERENV(750.dec) 22:01:03:828 ProcessGPOs: Domain controller is: \\DC1.Domain.COM Domain DN is Domain.COM

?? 1?? ??? ?? ?? ?? ??? ?? ????? ?????. GPC? GPT version numbers ? ????, DN(display name), CN(common name)? ?? ????. ?? ???? ?? ??? ??? ??? ?? ??? ??? ?? ?????? ?? ? ? ????.

USERENV(750.dec) 22:08:54:183 ProcessGPOs: User Group Policy has been applied.

USERENV(750.dec) 22:08:54:183 ApplyGroupPolicy: Leaving successfully.

???? ??? ??(22:01:02)? ?? ??? ??? ??(22:08:54)? ?? 8?? ???? ?? ? ? ????. ?? ????? ??? ???? ???, ???? ??? ? ? ????. ???? ??? ????? ???? ?????.

USERENV(46c.4c4) 22:08:54:777 LibMain: Process Name: C:\WINNT\System32\WScript.exe

?? ?? ? ???, GINA? userinit.exe? ???? ? ??? ?? explorer.exe? ?????. Explorer? ????? ?? ??? ?? ???? ?? ???? ???????. ??? Userinit? Explorer? ????? ?? ?? ??? ??? ???? ??? ??? ?? ?? ?? ???? ?? ????.

USERENV(8c4.8c8) 22:08:55:808 LibMain: Process Name: C:\WINNT\system32\userinit.exe

USERENV(8d8.8dc) 22:28:57:824 LibMain: Process Name: C:\WINNT\Explorer.EXE

?? ? ???? ?? ???? ?? 20? ?? ??? ?? ?? ?????. ???? ? ???? ???? ?????? ??? ??? ?????.

USERENV(6e4.6d4) 22:10:16:856 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.

USERENV(6e4.6d4) 22:10:17:090 ImpersonateUser: Failed to impersonate user with 5.

??? Userenv ??? ??? ??? ????. ?? ?? 1? ?????, 6e4? ???? ????? PID???. ? ???? ? PID? ?? ????? ???? Explorer? ????? ?? ? ? ????. PID 6e4(16??) 1764(10??)? ?????. ?? ????? PID? ???? ?? 3rd party ?? ???? ???? ? ? ? ????. ? ???? ???? ?????? ??????. ????? ? ??? ???? ?? ??? ????. ?? ???? ??? ???? ?? ?? ??? ????. ??? Userenv.log ??? ???? ???. ?? ??? ?? ???? ???? ?????? ??? ??? PID? ? ? ?? ??? ????. ???? ?????? ??? ????? ?? ?? ????? ??? PID? ????. ???? ?? ??? ?? ??? ??? ?? - ?? - Msinfo32? ???? ??? ????. ??? ?? ??? .NFO ???? ?? ??? ?? ??? ?????. ???? ??? ???? ?? ???? ????? ??? ???? ???? ??? ?????. ???? ?? ????? PID? ? ? ????.

?? ???? ????? ??, ?? ??? ?? ?? ?? ???? ?? ????. ?? ???? ???? Userenv ??? ?? ???? ?? ? ? ????. ?? ?? ?? ???? ??? ??? ?? ?? ?? ??? ???? ???? ????.

USERENV(750.754) 22:01:02:796 LoadUserProfile: lpProfileInfo->lpUserName = <User1>

USERENV(750.754) 22:01:02:796 LoadUserProfile: lpProfileInfo->lpProfilePath = \\fileserver\profiles\User1

??? ?? ???? fileserver\profiles\User1? ?????. SID? ???? ???? ??? ???? ????? ?????.

USERENV(750.754) 22:01:02:796 CheckXForestLogon: checking x-forest logon, user handle = 560

USERENV(750.754) 22:01:02:796 CheckXForestLogon: not XForest logon.

??? ?? ???? ??? ??? ???? ??? ????. ???? ??? ??? ??? ????? ????? ?? ????? ?? ??? ?????? ??? ??? ??? ??? ????? ??? ?? ???? ?? ???.

??? ?? \ ?? ??? \ ??? \ ?? ?? \ ?? ???? ??? ?? ? ?? ??? ??? ??

? ??? ?? ??? ??? ???? ??? ??? ????. ???? ??? ?? \\fileserver\profiles? ????? ????? ???? ?? E ???????. ????? E:\user1 ?? ??????. ???? ?? ?? ??? ??, DC? ?? ???? ??? ?????. ??? ??? ? ????? ??? ???? ??? ??? ?????.

USERENV(750.754) 22:01:02:796 CheckRoamingShareOwnership: checking ownership for E:\User11

USERENV(750.754) 22:01:02:796 CheckRoamingShareOwnership: owner is the right user

??? ???? ??? ???? ??? ????? ?? ? ????. ?? ??? ????? ??? ?? ??? ????? ?? ???? ??? ??? ????? ???? ???? ???. ??? ??? ??? ??? ???? ? ????. ??? ??? ??? ??? ??? ????? ???? ???? ???? ? ??? ??? ????.

??? ?? \ ?? ??? \ ??? \ ??? ??? \ ?? ??? ??? ??? ???? ?? ??

???? ?? ????? ???? ?? ??? ???? ????? ?? ???? ????? ?? ?????. ??? ??? ?? ???? ??? ?? ??? ??? ???? ???? ?????? ??? ?? ??? ???? ????.

? ??? ??? Userenv ??? ??? ??? ????? ??? ???? ????. ??? ????? ??? ??????. ??? ?? ????? ??? ?? ?? ?? ???? ?? ?????. ??? ????? ????? ???? ???? ?? ??? ??? ????? ???? ? ??? ???? ????.

? ?? ??? ???? ??? ??? ?????.

Interpreting Userenv Log Files

https://technet.microsoft.com/en-us/library/cc786775.aspx

Group Policy Wiki

https://grouppolicy.editme.com

250842 Troubleshooting Group Policy application problems

https://support.microsoft.com/kb/250842

221833 How to enable user environment debug logging in retail builds of Windows

https://support.microsoft.com/kb/221833

- Mark Ramey