Hello,
For a few days I've been trying to distribute machine policies with the DEM 10.1 on Windows 10 1909 / 20H2.
The instructions are good but there are some contradictions.
On the one hand registry keys are to be created, on the other hand a start and shutdown script.
There are a lot of ambiguities for me in the web documentation. There are many differences on the web too.
Carl Stalhood also refers to the documentation: https://www.carlstalhood.com/vmware-user-environment-manager/#computersettings
Josh Spencer brings the topic with other settings related to smart policies in the VMware Youtube channel: https://www.youtube.com/watch?v=x68sLdc8iZA
For example, there is more to do with NTFS shares. This log folder is also set up for machines.
Nothing is working for me right now. No log is written and the policy, e.g. Deactivate logon screen blur, does not pull.
Is there a clear best practice for this?
Many Thanks!
Michael
Step 1: Grant the "domain computers" active directory group permissions on your existing DEM configuration share
Step 2: Configure the parent image with the following registry keys. I am only providing the basics. See this page for more in-depth details.
Create new key "Computer Configuration" under HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware UEM\Agent\
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware UEM\Agent\Computer Configuration
Enabled DWORD 1
ConfigFilePath REG_EXPAND_SZ <path to your DEM config general folder> e.g. //nas.domain.local/DEM/config/general
LogFileName REG_EXPAND_SZ <path you want to create log file> e.g. C:\ProgramData\VMware\DEM\Logs\FlexEngine.log
Shut down and push your image out and you should now be able to create new computer policies in DEM and apply them. In my example I am choosing to keep the log file locally to the VMs. I don't want any additional I/O on my storage but you can make that path a remote share. Do remember to give the domain computers active directory group the proper permissions to it.
I hope that helps.
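A read-only check of the registry values listed in the answer above, added here as an example; it is not part of the original post or of VMware's tooling. The function names `New-Check` and `Test-DemComputerConfig` are hypothetical, and the log-folder test is a diagnostic assumption rather than a documented DEM requirement.

```powershell
# Added example: verifies the "Computer Configuration" values named in this thread.
# It only reads the registry and tests paths; it changes nothing.
$KeyPath = 'HKLM:\SOFTWARE\VMware, Inc.\VMware UEM\Agent\Computer Configuration'

# Value names and registry types exactly as listed in the post.
$Expected = [ordered]@{
    Enabled        = 'DWord'          # DWORD
    ConfigFilePath = 'ExpandString'   # REG_EXPAND_SZ
    LogFileName    = 'ExpandString'   # REG_EXPAND_SZ
}

function New-Check($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = "$Detail" }
}

function Test-DemComputerConfig {
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return New-Check 'Key exists' $false $KeyPath
    }
    $key     = Get-Item -LiteralPath $KeyPath
    $present = $key.GetValueNames()

    foreach ($name in $Expected.Keys) {
        if ($present -notcontains $name) {
            New-Check "$name present" $false 'value missing'
            continue
        }
        # A REG_SZ where REG_EXPAND_SZ is expected shows up here as 'String'.
        $kind = $key.GetValueKind($name)
        New-Check "$name type" ("$kind" -eq $Expected[$name]) $kind
    }
    if ($present -contains 'Enabled') {
        $enabled = $key.GetValue('Enabled')
        New-Check 'Enabled = 1' ($enabled -eq 1) $enabled
    }
    if ($present -contains 'ConfigFilePath') {
        # GetValue() expands environment variables in REG_EXPAND_SZ data.
        $cfg = $key.GetValue('ConfigFilePath')
        # Test-Path uses the current account. Run as SYSTEM (e.g. from a startup
        # script) to test with the computer account's share/NTFS permissions.
        New-Check 'ConfigFilePath reachable' ($cfg -and (Test-Path -LiteralPath $cfg)) $cfg
    }
    if ($present -contains 'LogFileName') {
        $log    = $key.GetValue('LogFileName')
        $logDir = if ($log) { Split-Path -Parent $log }
        New-Check 'Log folder exists' ($logDir -and (Test-Path -LiteralPath $logDir)) $logDir
    }
}

Test-DemComputerConfig | Format-Table -AutoSize
```

Run it in an elevated session on the parent image or a test client; any row with `Ok` set to `False` points at the value or path to recheck.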
Hi @MIWE-Admins,
> On the one hand registry keys are to be created, on the other hand a start and shutdown script.
That is correct, and there is no contradiction there. Those registry settings are required as agent configuration to process computer environment settings, and you need to configure those Windows startup and shutdown scripts if you want to use DEM startup and shutdown tasks.
From a quick scan of Carl Stalhood's page I don't see any conflicting information, and Josh's video also looks OK. The requirements for share and NTFS permissions are documented in Infrastructure Requirements.
What contradictions did you find?
Many thanks for the answer.
I will check these settings again today on the test client.
Is there a special feature for mobile devices and sync tool?
Are these settings also cached?
Many Thanks!
greetings
Michael
Hi @MIWE-Admins,
No, the approach is the same: you'd have to provide the same agent configuration for computer environment settings (in the registry and those Windows startup and shutdown scripts) on the physical devices on which you use DEM in combination with SyncTool.
I opened a support ticket at VMware a few days ago.
Unfortunately, all efforts do not help.
I will also post the solution to my problem here when I get a response from support. 😉