GlobalProtect Administrator's Guide
  • GlobalProtect Administrator's Guide
  • GlobalProtect Documentation
  • All Documentation
>
Deploy App Settings in the Windows Registry
Focus
Download PDF
Focus
  1. Home
  2. GlobalProtect
  3. GlobalProtect Apps
  4. Deploy App Settings Transparently
  5. Deploy App Settings to Windows Endpoints
  6. Deploy App Settings in the Windows Registry
Download PDF
GlobalProtect

Deploy App Settings in the Windows Registry

Table of Contents

Deploy App Settings in the Windows Registry

Deploy GlobalProtect app settings to Windows endpoints and customize app settings using the Windows Registry.
You can enable deployment of GlobalProtect app settings to Windows endpoints prior to their first connection to the GlobalProtect portal by using the Windows Registry. Use the options described in the following table to use the Windows Registry to customize app settings for Windows endpoints.
In addition to using the Windows Registry to deploy GlobalProtect app settings, you can enable the GlobalProtect app to collect specific Windows Registry information from Windows endpoints. You can then monitor the data and add it to a security rule to use as matching criteria. Endpoint traffic that matches registry settings you define can be enforced according to the security rule. Additionally, you can set up custom checks to Collect Application and Process Data From Endpoints.
  1. Locate the GlobalProtect app customization settings in the Windows Registry.
    Open the Windows Registry (enter regedit on the command prompt) and go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\
  2. Set the portal name.
    If you do not want the end user to manually enter the portal address even for the first connection, you can pre-deploy the portal address through the Windows Registry.
    If you want to define all other app settings, you can define keys in the Windows Registry (HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\
    1. In the Window Registry, go to:
      HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup
    2. Right-click Portal and then select Modify.
    3. Enter the portal name in the Value data field, and then click OK.
  3. Deploy various settings to the Windows endpoint, including the connect method for the GlobalProtect app and SSO.
    View Customizable App Settings for a full list of the commands and values you can set up using the Windows Registry.
    You have the option to deploy connect before logon settings to the Windows endpoints prior to enabling end users to log in to the VPN before logging into the endpoint.
    You have the option to deploy GlobalProtect credential provider settings to the Windows endpoints to delay the GlobalProtect credential provider Windows sign-in request or enforce the GlobalProtect credential provider as the default sign-in option.
  4. Enable the GlobalProtect app to wrap third-party credentials on the Windows endpoint, allowing for SSO when using a third-party credential provider.
    Enable SSO Wrapping for Third-Party Credentials with the Windows Registry.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.