DEX policies for Windows

  • Release version: Xanadu
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of DEX policies for Windows

    DEX policies for Windows provide structured guidelines and rules to ensure consistent, secure, and compliant usage of applications and devices within your organization. These policies help reduce data breach risks, improve data accuracy, and optimize application performance and availability by collecting and analyzing relevant metrics from Windows devices.

    Show full answer Show less

    The Agent Client Collector (ACC) must run as a local system account to fetch complete playbook data from Windows devices, especially for metrics requiring elevated access.

    Key Features

    • Application Metrics Collection: Policies collect detailed application metrics such as CPU usage, memory usage, uptime, crashes, and I/O operations. Notably, the uptime metric requires ACC to run under the local system account.
    • Application Network Experience (ANE): These policies gather network metrics like latency, packet loss, and jitter for installed Windows applications and web applications. Requirements include ACC version 4.2+ and DEX browser extension plugin version 2.5.0+ for web app metrics. ANE uses tracert for network path but does not support domain URL path tracing.
    • Device Metrics Collection: A variety of Windows device metrics are collected and sent to ServiceNow or MetricBase, including system uptime, antivirus and firewall status, disk and CPU details, power plans, stability indices, pending updates, network details, and energy consumption. Some detailed metrics require ACC to run as local system.
    • Real-time Data on User and Device Changes: Policies capture logged-in user data and device configuration changes at frequent intervals (every 60 seconds) to provide up-to-date monitoring.

    Practical Considerations

    • Historical data represents information stored for the past 7 days in MetricBase, while latest data reflects the most recent measurements.
    • Some policies and parameters specifically require the ACC service to operate as a local system account to function correctly.
    • Policy update issues after upgrading the DEX Content Playbook plugin may occur and can be resolved by consulting the specified troubleshooting knowledge base resource.

    What to Expect

    By implementing these DEX policies for Windows, ServiceNow customers can expect enhanced visibility into application and device performance, improved security posture through compliance monitoring, and actionable insights driven by accurate, timely data collection. This enables organizations to proactively manage Windows environments, reduce risks, and maintain optimal operational efficiency.

    Use policies for Windows are guidelines and rules to confirm that the application is used consistently, securely, and in compliance. DEX policies help organizations to reduce the risk of data breaches, improve data quality and accuracy, and optimize application performance and availability.

    To fetch the complete playbook data for a Windows device, the Agent Client Collector (ACC) must run as a local system account. For more details on how to set up the ACC service as a local system account, see Run ACC as a local system account user.

    Note:
    The historical data for an application or device is the information that is kept in the MetricBase database for the past 7 days, while the latest data pertains to the most recent information available.

    Policies for Windows — Application

    DEX provides the following policies for applications.
    Policy name Description Check instance Frequency Historical or latest Check instance parameters*
    DEX Windows Apps Metrics Collects the application metrics in the Windows device and sends the metric data to Metric Base. os.win.check-app-historical 5 mins Historical cpu_usage, memory_usage, uptime, last_access_time, crashes, io_usage_read, io_usage_write, is_running
    Important:
    * DEX Windows Apps Metrics with the uptime check instance parameter only runs with the Local System account.

    Policies for Windows — Application Network Experience

    Before configuring the following policies, make sure that the Agent Client Collector is version 4.2 or higher to display the network path for applications. Additionally, the DEX browser extension plugin must be installed and should be version 2.5.0 or higher to fetch network metrics for web applications.
    Note:
    These policies have the following limitations:
    • A tracert command is used to get the network path.
    • ANE doesn't work for path in the domain URL. Example: <domain>/<path>
    DEX provides the following policies for applications.
    Policy name Description Check instance Frequency Historical or latest Check instance parameters
    DEX Windows Apps Domain Network Monitoring Metrics Collects Windows installed apps network monitoring metrics like latency, packet loss, and jitter and sends monitoring data to Metric Base and the ServiceNow® instance. os.win.check-app-dom-network-historical 10 mins Historical domain_network_details
    DEX Windows Apps Domain Network Monitoring Metrics Collects Windows Web apps network monitoring metrics like latency, packet loss, and jitter and sends monitoring data to Metric Base and the ServiceNow instance. os.win.check-web-app-dom-net-historical 10 mins Historical domain_network_details
    DEX Windows Apps Domain Network Monitoring Metrics Collects Windows Web apps network monitoring metrics like latency, packet loss, and jitter and sends monitoring data to Metric Base and the ServiceNow instance. os.win.check-app-dom-network-latest 30 mins Latest source_details, domain_network_route_details

    Policies for Windows — Device

    DEX provides the following policies for devices.
    Policy name Description Check instance Frequency Historical or latest Check instance parameters*
    DEX Windows Device Metrics Collects Windows device metrics and sends the metric data to the ServiceNow instance. os.win.check-system-metrics-latest 24 hours Latest uptime, logged_in, antivirus_enabled, firewall_enabled, disk_details, device_details, battery_details, bsod_details, cpu_details, os_details, power_plan, stability_index, pending_updates, network_details, bitlocker_details, user_profiles, antimalware_details, hard_drive_status, peripheral_devices_details, cpu_usage, memory_details, device_events, last_access_time, os_setup_details, reboot_details, energy_consumption
    Important:
    * DEX Windows Device Metrics with the following check instance parameters runs only with a Local System account:
    • energy_consumption
    • bitlocker_details
    • last_access_time
    • pending_updates
    • user_profiles
    DEX Windows Device Metrics Collects Windows device metrics and sends the metric data to MetricBase. os.win.check-system-metrics-historical 30 mins Historical network_connection_profiles
    DEX Windows Device Metrics Collects Windows device metrics and sends the metric data to MetricBase. os.win.check-system-metrics-historical 5 mins Historical disk_usage, io_usage_write, io_usage_read, memory_usage, cpu_usage, battery_charge_percentage, energy_consumption, memory_details, uptime, disk_details, cpu_performance_details, crashes, power_consumption, wifi_transmit_rate, wifi_receive_rate, wifi_signal_strength
    DEX Windows Device Metrics Collects data for running Windows processes and sends the data to the ServiceNow instance. os.win.check-process-data 24 hours N/A N/A
    DEX Windows Device Metrics Collects Windows device metrics and sends the metric data to the ServiceNow instance. os.win.check-sys-compliance-historical 5 mins Historical N/A
    DEX Windows Device Metrics Collects Windows device metrics and sends the metric data to the ServiceNow instance. os.win.check-sys-compliance-latest 24 hours Latest N/A
    DEX Get online Windows user on change Gets a logged-in user's data on a Windows device whenever there’s a change. os.win.check-system-custom-query-on-chan 60 secs Latest query,query_sys_id, query_type
    DEX Get device configuration on change Gets a logged-in user's device configuration whenever there’s a change. os.all.check.internal.get-device-configu 60 secs Latest N/A
    Note:
    If you upgrade the DEX Content Playbook plugin on an instance and encounter unexpected policy update issues, see the Troubleshooting: Policy update issues post DEX plugin upgrade [KB1586917] article in the Now Support knowledge base.