Manual Chapter : Fetching the value of a Windows Registry key from a client

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

Fetching the value of a Windows Registry key from a client

Before this access policy can run successfully, clients must be configured to allow trusted BIG-IP systems to fetch specific Windows Registry key values.
You can use a Windows Registry action to fetch values from the Windows Registry on the client.
  1. On the Main tab, click
    Access
    Profiles / Policies
    .
    The Access Profiles (Per-Session Policies) screen opens.
  2. In the Per-Session Policy column, click the
    Edit
    link for the access profile you want to configure.
    The visual policy editor opens the access policy in a separate screen.
  3. On a policy branch, click the
    (+)
    icon to add an item to the policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  4. Click the Endpoint Security (Client-Side) tab.
  5. Select
    Windows Registry
    and click
    Add Item
    .
    A popup properties screen opens.
  6. In the
    Expression
    field, type an expression that includes these items: the name of a Windows Registry key value, the >> operator, and a name for use as a variable.
    The Windows Registry key value used in the expression must match a registry key value that the client allows a trusted server to fetch.
    Here is an example expression:
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters"."Domain" >> "variable_name"
    where
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
    is the registry key,
    Domain
    is the name of the value to fetch and
    >>
    is the GET operator. If GET is successful, then
    variable_name
    is used to store the value in a session variable formatted like this:
    session.windows_check_registry.last.data.
    variable_name
    .
  7. Click
    Finished
    .
    The popup screen closes.
  8. Click
    Save
    .
    The properties screen closes and the policy displays.
You added an action to fetch a registry key value from the Windows Registry on the client. This is not a complete access policy.
Click the
Apply Access Policy
link to apply and activate your changes to this access policy.
To ensure that logging is configured to meet your requirements, verify the log settings for the access profile.