To use the Digital Employee Experience Management (DEEM) feature fully, you must enable specific Group Policy Objects (GPOs) for Windows 10 devices. Enabling the GPOs allows Workspace ONE Intelligence to report them in dashboards. You can enable them in SCCM, or you can use product provisioning in Workspace ONE UEM.

You need to enable specific GPOs for a few performance indicators so DEEM can capture the associated data.

  • Login Failure
  • Lock
  • Unlock
  • Screen On
  • Screen Off

Enable the listed events in SCCM.

| Event | GPO |
| --- | --- |
| Login Failure | SecuritySettings > Advanced Audit Policy Config SystemAuditPolicies > Logon/Logoff > Audit Logoff SystemAuditPolicies > AuditLogon, Other Logon/Logoff events |
| Lock | SecuritySettings > Advanced Audit Policy Config SystemAuditPolicies > Logon/Logoff > Audit Logoff SystemAuditPolicies > AuditLogon, Other Logon/Logoff events |
| Unlock | SecuritySettings > Advanced Audit Policy Config SystemAuditPolicies > Logon/Logoff > Audit Logoff SystemAuditPolicies > AuditLogon, Other Logon/Logoff events |
| Screen On | SecuritySettings > Advanced Audit Policy Config SystemAuditPolicies > Logon/Logoff > Audit Logoff SystemAuditPolicies > AuditLogon, Other Logon/Logoff events |
| Screen Off | SecuritySettings > Advanced Audit Policy Config SystemAuditPolicies > Logon/Logoff > Audit Logoff SystemAuditPolicies > AuditLogon, Other Logon/Logoff events |

To use product provisioning in Workspace ONE UEM, create a File/Action to run the script on Windows 10 devices and deploy the script with a Product.

Prerequisites

Copy the listed code and save it in an app like Notepad++ as a CMD file (batch file). Give it a name you can recognize for this procedure, for example Enable_Windows_Audit_Events.cmd.

This code updates the applicable GPOs.

@echo off
rem Build a CSV in the format that auditpol.exe /restore reads.
rem Each row sets one Logon/Logoff subcategory to Success and Failure (Setting Value 3).
echo "Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value" >audit_policy.csv
echo ",System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success and Failure,,3" >>audit_policy.csv
echo ",System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3" >>audit_policy.csv
echo ",System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3" >>audit_policy.csv

rem Apply the settings from the CSV, then delete the temporary file.
auditpol.exe /restore /file:audit_policy.csv
del /f audit_policy.csv

Procedure

  1. In the Workspace ONE UEM console, create a File/Action to run the script. Go to Devices > Provisioning > Components > Files/Action > Add Files/Actions > Windows > Windows Desktop.
  2. On the General tab, enter a descriptive name for the Files/Action. You can enter GPO Update for DEEM. You want to recognize this action to add it to the product later in this task.
  3. On the Files tab, select Add Files and upload the script. Enter the file path where you want the product to install the script on devices in Download Path. The Version setting is for your record keeping. You can enter 1.0 or any version number that makes sense for your situation.
  4. Save the file.
  5. On the Manifest tab, in the Install Manifest section, select Add Action and complete the settings.
    • Action(s) To Perform: Select Run.
    • Execution Context: Select System.
    • Command Line and Arguments to run: Enter the file path of the script. For example, enter C:\Enable_Windows_Audit_Events.cmd.
    • TimeOut (-1 for infinite): Enter 0.
  6. Save the action.
  7. In the Workspace ONE UEM console, create a Product to deploy the script to devices. Go to Devices > Provisioning > Product List View > Add Product > Windows > Windows Desktop.
  8. On the General tab, enter a name (like GPO Update Product for DEEM) and select the group in Smart Group that contains the devices you want to deploy the script to.
  9. On the Manifest tab, select Add, and select Install Files/Actions for Action(s) To Perform.
  10. For Files/Actions, enter the name of the Files/Actions created earlier and select it from the list. Save this manifest. Saving the manifest displays an Activate setting.
  11. Select Activate for the manifest to assign to devices.
  12. On the View Device Assignment page, select Activate to deploy the product to devices.
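
To confirm on a device that the deployed script took effect, you can query the three subcategories it sets. The following PowerShell script is an added example, not part of the VMware documentation; it assumes an elevated prompt and English-language auditpol output (the `Success and Failure` text is localized on other display languages).

```powershell
# Added verification example (not VMware's code). Run elevated on a target device.
# The GUIDs and names are the three subcategories written by the CMD file above.
$expected = [ordered]@{
    '{0cce9216-69ae-11d9-bed3-505054503030}' = 'Audit Logoff'
    '{0cce9215-69ae-11d9-bed3-505054503030}' = 'Audit Logon'
    '{0cce921c-69ae-11d9-bed3-505054503030}' = 'Audit Other Logon/Logoff Events'
}

$results = foreach ($guid in $expected.Keys) {
    # /r emits CSV. Querying by GUID avoids localized subcategory names.
    # The argument is quoted so PowerShell does not parse {...} as a script block.
    $csv = & auditpol.exe /get "/subcategory:$guid" /r 2>$null |
        Where-Object { $_ -and $_.Trim() }          # drop blank lines

    # If auditpol failed (for example, not elevated), $csv is empty.
    $row = if ($csv) { $csv | ConvertFrom-Csv | Select-Object -First 1 }

    [pscustomobject]@{
        Subcategory = $expected[$guid]
        Guid        = $guid
        Setting     = if ($row) { $row.'Inclusion Setting' } else { 'query failed' }
        # Assumption: English output text; adjust the string for other locales.
        Compliant   = [bool]($row -and $row.'Inclusion Setting' -eq 'Success and Failure')
    }
}

$results | Format-Table -AutoSize

if ($results.Compliant -contains $false) {
    Write-Warning 'One or more Logon/Logoff audit subcategories are not set to Success and Failure.'
    exit 1
}
Write-Output 'All three subcategories are set to Success and Failure.'
```

If a subcategory reverts after the product has run, check whether a domain GPO that configures Advanced Audit Policy is overriding the local setting at the next policy refresh.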