Fortinet black logo

New Features

Home FortiClient 7.2.0 New Features
7.2.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0

DWORD and string value support for registry key tagging rule

DWORD and string value support for registry key tagging rule

When configuring a registry key Zero Trust tagging rule, the Value field supports entering DWORD and string values.

To enter a DWORD value in the Value field, use the format dword:<dword value>. For example, if the DWORD value is 1, you would enter dword:1 in the Value field.

To enter a string value in the Value field, use the format "<string>". For example, if the string value is 1111, you would enter "1111" in the Value field.

This example assumes that the following values exist in the registry:

Key name Value Value type
"NoAutoUpdate" 0x00000001 DWORD
"Test" 1111 String
"SOM" "OU=LabDog OU,DC=ad,DC=labdog" String

"DsPath"

"cn={9CD1296C-DBB8-4B2E-B092-72AFB1E502D7},cn=policies,cn=system,DC=ad,DC=labdog"

String

In this example, all keys are in the same registry location: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.

The following describes how to configure Zero Trust tagging rules to tag for the presence of the aforementioned key values.

To configure rules to tag for DWORD and string values:
  1. In EMS, go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Configure a rule for the key-value pair "NoAutoUpdate":0x00000001 by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "NoAutoUpdate".
    5. In the Value field, enter dword:1.
    6. Click Save.
    7. Configure other fields as desired, then click Save.

  3. Configure a rule for the key-value pair "Test":1111 by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "Test".
    5. In the Value field, enter "1111".
    6. Click Save.
    7. Configure other fields as desired, then click Save.
  4. Configure a rule for the key-value pair "SOM":"OU=LabDog OU,DC=ad,DC=labdog" by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "SOM".
    5. In the Value field, enter "OU=LabDog OU,DC=ad,DC=labdog".
    6. Click Save.
    7. Configure other fields as desired, then click Save.
  5. Configure a rule for the key-value pair "DsPath":"cn={9CD1296C-DBB8-4B2E-B092-72AFB1E502D7},cn=policies,cn=system,DC=ad,DC=labdog" by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "DsPath".
    5. In the Value field, enter "cn={9CD1296C-DBB8-4B2E-B092-72AFB1E502D7},cn=policies,cn=system,DC=ad,DC=labdog".
    6. Click Save.
    7. Configure other fields as desired, then click Save.

  6. On an endpoint where all configured key values are present, go to the FortiClient user details page. Confirm that all tags appear as configured. In EMS, confirm the same by going to the endpoint's detailed view in Endpoints > All Endpoints.
Previous
Next

DWORD and string value support for registry key tagging rule

When configuring a registry key Zero Trust tagging rule, the Value field supports entering DWORD and string values.

To enter a DWORD value in the Value field, use the format dword:<dword value>. For example, if the DWORD value is 1, you would enter dword:1 in the Value field.

To enter a string value in the Value field, use the format "<string>". For example, if the string value is 1111, you would enter "1111" in the Value field.

This example assumes that the following values exist in the registry:

Key name Value Value type
"NoAutoUpdate" 0x00000001 DWORD
"Test" 1111 String
"SOM" "OU=LabDog OU,DC=ad,DC=labdog" String

"DsPath"

"cn={9CD1296C-DBB8-4B2E-B092-72AFB1E502D7},cn=policies,cn=system,DC=ad,DC=labdog"

String

In this example, all keys are in the same registry location: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.

The following describes how to configure Zero Trust tagging rules to tag for the presence of the aforementioned key values.

To configure rules to tag for DWORD and string values:
  1. In EMS, go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Configure a rule for the key-value pair "NoAutoUpdate":0x00000001 by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "NoAutoUpdate".
    5. In the Value field, enter dword:1.
    6. Click Save.
    7. Configure other fields as desired, then click Save.

  3. Configure a rule for the key-value pair "Test":1111 by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "Test".
    5. In the Value field, enter "1111".
    6. Click Save.
    7. Configure other fields as desired, then click Save.
  4. Configure a rule for the key-value pair "SOM":"OU=LabDog OU,DC=ad,DC=labdog" by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "SOM".
    5. In the Value field, enter "OU=LabDog OU,DC=ad,DC=labdog".
    6. Click Save.
    7. Configure other fields as desired, then click Save.
  5. Configure a rule for the key-value pair "DsPath":"cn={9CD1296C-DBB8-4B2E-B092-72AFB1E502D7},cn=policies,cn=system,DC=ad,DC=labdog" by doing the following:
    1. Click Add, then Add Rule.
    2. From the Rule Type dropdown list, select Registry Key.
    3. In the Key field, enter [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU].
    4. In the Key Name field, enter "DsPath".
    5. In the Value field, enter "cn={9CD1296C-DBB8-4B2E-B092-72AFB1E502D7},cn=policies,cn=system,DC=ad,DC=labdog".
    6. Click Save.
    7. Configure other fields as desired, then click Save.

  6. On an endpoint where all configured key values are present, go to the FortiClient user details page. Confirm that all tags appear as configured. In EMS, confirm the same by going to the endpoint's detailed view in Endpoints > All Endpoints.
Previous
Next