Registry key help needed
AnsweredHi all, I've had my first attempt at setting up a collection based on a registry key value, specifically the HiberbootEnable flag, so that I can switch this feature off. I'm seeing systems in the results that cannot have this feature switched on though, as they are running versions of Windows prior to 10. So I don't trust that I have understood the way this works.
My scan profile looks like this.
And my collection filter looks like this.
Have I got this right?
-
Hi GWhite, thanks for your suggestion. I'm sure you are correct, but it hasn't changed the results. I still can't explain why I'm seeing systems running Windows 7, Server 2008 R2 and Server 2012. The small sample of machines I checked have different settings which don't show any pattern.
For instance a machine running Win7 which doesn't have this key along with machines running Server 2012 R2 and Server 2016 which do have the key but set to 0, all appear in the results.
Puzzling!
-
I too have a mix of Windows 7 and Windows 10, plus servers of course. I will do some testing and see if I can get to report correctly. While I do that, is your dynamic collection at the root or is it a sub-collection? I ask because I notice you do not have 'drill down from parent collection' selected and didn't know if that was skewing your results.
Please sign in to leave a comment.
Comments
10 comments