Answered
Registry key help needed
Hi all, I've had my first attempt at setting up a collection based on a registry key value, specifically the HiberbootEnable flag, so that I can switch this feature off. I'm seeing systems in the results that cannot have this feature switched on though, as they are running versions of Windows prior to 10. So I don't trust that I have understood the way this works.
My scan profile looks like this.
And my collection filter looks like this.
Have I got this right?
0
Comments
For the dynamic collection, instead of filtering for the path HKLM\CurrentControlSet\Control\Session Manager\Power\Hiberbootenabled, try this:
Hi GWhite, thanks for your suggestion. I'm sure you are correct, but it hasn't changed the results. I still can't explain why I'm seeing systems running Windows 7, Server 2008 R2 and Server 2012. The small sample of machines I checked have different settings which don't show any pattern.
For instance a machine running Win7 which doesn't have this key along with machines running Server 2012 R2 and Server 2016 which do have the key but set to 0, all appear in the results.
Puzzling!
I too have a mix of Windows 7 and Windows 10, plus servers of course. I will do some testing and see if I can get to report correctly. While I do that, is your dynamic collection at the root or is it a sub-collection? I ask because I notice you do not have 'drill down from parent collection' selected and didn't know if that was skewing your results.
I was able to have only computers with HiberbootEnabled with a value of 1 added to the collection. I used the same scan profile as you and modified my collection slightly as shown below. Hopefully it works for you too.
I just took another look at your original collection screenshot. Change the Group Filter from Any to All. Any will return results for anything it finds with a value of 1, but not necessarily matching only the HiberbootEnabled key.
I watched the webinar on filtering and thought that might be the answer. Using All returns 0 systems with Fast Startup enabled which I know is not true. I must be missing something fundamental here.
Ah, I missed your earlier post. That was the answer, changing path to value name. Thanks!
I edited your post to fix the images.
Thanks Colby, how do I get inline images for next time?
I'm not sure how you didn't the first time đŸ˜„
When you hit the Image button, it should format everything correctly.
Please sign in to leave a comment.