Before this access policy can run successfully, clients must be configured to allow
trusted BIG-IP® systems to fetch specific Windows Registry key
values.
You can use a Windows Registry action to fetch values from the Windows Registry on
the client.
-
On the Main tab, click .
The Access Profiles List screen opens.
-
In the Access Policy column, click the Edit link for the
access profile you want to configure.
The visual policy editor opens the access policy in a separate
screen.
-
On an access policy branch, click the (+) icon to add an
item to the access policy.
A popup screen displays actions on tabs, such as General Purpose and
Authentication, and provides a search field.
-
Click the Endpoint Security (Client-Side) tab.
-
Select Windows Registry and click Add
Item.
A popup properties screen opens.
-
In the Expression field, type an expression that
includes these items: the name of a Windows Registry key value, the >> operator,
and a name for use as a variable.
The Windows Registry key value used in the expression must match a registry
key value that the client allows a trusted server to fetch.
Here is an example expression:
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters"."Domain"
>> "variable_name" where
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
is the registry key, Domain is the name of the value to fetch
and >> is the GET operator. If GET is successful, then
variable_name is used to store the value in a session
variable formatted like this:
session.windows_check_registry.last.data.
variable_name.
-
Click Finished.
The popup screen closes.
-
Click Save.
The properties screen closes and the visual policy editor
displays.
You added an action to fetch a registry key value from the Windows Registry on the
client. This is not a complete access policy.
Click the
Apply Access
Policy link to apply and activate your changes to this access policy.
Note: To ensure that logging is configured to meet your
requirements, verify the log settings for the access profile.