2 Replies Latest reply on Jan 28, 2013 10:29 AM by Joe Piotrowski

    Question about registry key values and Compliance

    Joe Piotrowski

      I'm building a Compliance Component Template checking the values of registry keys. In this example I need to check to see if the value equals 65536.


      The BSA registry key object has a String Value: 0x00010000 (65536)


      If I set the Rule as:


      "Registry Value:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00"."String Value (Windows)" equals 65536


      it fails. But if I set it to the hex value of 0x00010000 it succeeds. Is there any way to change this to use the decimal value to check instead?

        • 1. Re: Question about registry key values and Compliance
          Joe Piotrowski

          It seems as though this might be an intended design. If it's a String Value I can check for a number in hex format, or the value can be a text string. Both seem to work.


          But this only seems to work if the registry key is a DWORD (REG_DWORD) value, which BSA calls "Data Value." But if the registry key is a String Value (REG_SZ) I can't seem to get a compliance Rule to recognize it.


          Here is an example:

          Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe

          Name: explorer.exe

          String Value: 1

          Data Type: REG_SZ


          Here is my Compliance Rule:

          "Registry Value:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe" exists  AND

          "Registry Value:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe"."String Value (Windows)" = "1"


          Neither of these conditions pass. Changing the second condition value to hex (0x00000001) doesn't work, and changing the "String Value (Windows)" to "Integer Value (Windows)" doesn't work either.

          • 2. Re: Question about registry key values and Compliance
            Joe Piotrowski

            I found the problem. I'm creating hundreds of Rules so in order to speed up the process I was copying the registry key information from the live browsed object, pasting it into Notepad, editing it, and pasting it into my Rule.


            For example I would copy:

            Path     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\DisableEPMCompat


            From the browsed object, paste it into Notepad and edit it to:

            "Registry value:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\DisableEPMCompat"


            Then I would copy this and paste it into the Compliance Rule. This worked for 125 Rules, but failed for 24 of them.


            The workaround was to go back into the Rules that were failing, and instead of copying/pasting the registry key in, I browsed and selected the registry key from the pull down menu instead. For some reason this worked, even though the text strings were identical. I'm wondering if Notepad was including a hidden character that was causing BSA to not recognize it.