6 Replies Latest reply on Aug 18, 2009 5:21 PM by Naveen Anne

    REQ: How to import registry into Compliance?

      We need to find out a way how to import settings (from registry for example) and hard setup them into compliance. Cos adding registry setting one by one into it its too much time consuming and it can cause some errors/mistakes. If we would be able to import them and edit just some parts, it would be great.


      Check the attached screshot

        • 1. Re: REQ: How to import registry into Compliance?
          Bill Robinson

          You can use the blcli to do this - Template.addRegistryKeyPart or Template.addRegistryValuePart


          you can also use the blcli to create the rules.


          if you add the registry key and choose the 'recurse' option any child objects are automatically added as a part so you don't need to explictly add them.



          however, I ran into a problem w/ this, everytime you run one of the above commands it saves a copy of the template (adding parts or adding rules). if your template had thousands of parts or thousands of rules, all of the versions in the database will take up alot of space. otherwise it works fine. for a template w/ a hundred parts or something, you should be ok. i ran into problems when I was auto-creating templates that had 10,000 parts and associated rules.

          • 2. Re: REQ: How to import registry into Compliance?

            thx for your fast response...


            I would like to know if its also possible to do so inside BL configuration manager or just throu blcli?


            It would be great if u can send me some example of "ready" command (in blcli) how should it look like.



            • 3. Re: REQ: How to import registry into Compliance?
              Bill Robinson

              Ok, so there's 2 sets of files attached.


              The 'create_template.nsh' and 'sun_pkg_manage.txt' are what I originally used and are included for reference. They work, however they create a template based on a Solaris Package and a 'proto' file (the sun_pkg_manage.txt) which lists all of the files and directories in the package. I also use this manifest information to create compliance rules in the template.


              What you want to do is use the 'create_template_reg.nsh' and the 'reg_manifest.txt' files. Put all your registry keys/values into the txt file w/ the format:



              then you run the script like:

              (establish blcreds first)

              nsh create_template_reg.nsh reg_manifest.txt "/Template Group" "Template Name"


              However...I haven't tested the create_template_reg.nsh script yet, so it may fail horribly :) but the blcli commands in there should be valid, the text parsing I do in the script may be screwed up.


              If you have any questions, let me know, if you're not real familiar w/ scripting or the blcli I can get you going, just not sure where you are w/ that.

              • 4. Re: REQ: How to import registry into Compliance?

                Bill, thanks for your help we are getting bit closer ;)


                I added more detailed comments into that image so maybe u can understand better what needs to be done.


                If we use that script what u attached i would get those registry settings just into Part 1 window right?

                then i need to create Complaince rule for that in Part 2, right?


                I need to type all all the registry paths *.txt file where the script read from, right?

                Try to imagine to type there something with 50 or even more paths its really much time consuming.



                Then there is also one other problem what i find out...check reg.jpg screenshot


                1.) clipboard copy from Live/registry...

                FailureActions Registry Value REG_BINARY 00 00 00 00 00 00 00 00 00 00 ...


                2.) clipboard copy from registry export in windows




                3.) Correct clipboard copy from audit

                String Value 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 74 00 74 00 01 00 00 00 60 FFFFFFEA 00 00 01 00 00 00 60 FFFFFFEA 00 00 00 00 00 00 00 00 00 00


                Check it and try to imagine to get each value like this...

                Is the any normal way how to get the "correct" value which i can use for complaince? Thanks



                What we need is a bit easier way how to get those registry path/setting into Component Template...and after work with them/edit/change values what needs to be changed.


                What we are trying to do is a master template what we can run on all servers and be sure that all the values gonna be the same way as is in the template.

                Thats why we need to add all values into "complaince".


                Cos in nonsense making and adding each rule by hand...then what i thought is easier to export "master" registry and add them on each server and the result gonna be that we dont have such overview about the whole process and we dont need bladelogic to do so...

                • 5. Re: REQ: How to import registry into Compliance?
                  Bill Robinson

                  To get the value settings (the value of the registry value?) out of the registry you can export the key and it's values to a text file w/ regedit or reg.


                  then we run that though some unix text parsing to format it. the REG_BINARY might prove more difficult to parse properly, maybe we dump those into single files per value.


                  If you look in the attached scripts for the 'pkg' instead of the registry, you should see some examples of creating a compliance rule w/ the blcli. So we'd have a loop, that after adding the parts we'd go through and create the rules, and read in the values we need to comply to from our text files.

                  • 6. Re: REQ: How to import registry into Compliance?
                    Naveen Anne

                    I think Log Parser 2.2 can parse a Registry Object and output the data into a pre-specified file format.

                    You can create a package to deploy Log Parser to your target server. Then create an extended object to use the log parser program to parse the registry key and output the data to a file on that server. Then create a compliance rule to check for the data in that file.