Focus

GlobalProtect

Deploy Scripts Using the Windows Registry

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1
User Guide
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.2
- 5.1
Release Notes
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1

Deploy App Settings from Msiexec

Deploy Scripts Using Msiexec

Deploy Scripts Using the Windows Registry

Enable deployment of custom scripts to Windows endpoints that run before and after tunnel establishment or before disconnecting the tunnel

You can enable deployment of custom scripts to Windows endpoints using the Windows Registry.

You can configure the GlobalProtect app to initiate and run a script for any or all of the following events: before and after establishing the tunnel, and before disconnecting the tunnel. To run the script at a particular event, reference the batch script from a command registry entry for that event.

Depending on the configuration settings, the GlobalProtect app can run a script before and after the app establishes a connection to the gateway, and before the app disconnects. Use the following workflow to use the Windows Registry to customize app settings for Windows endpoints.

The registry settings that enable you to deploy scripts are supported on endpoints running GlobalProtect App 2.3 and later releases.

Open the Windows registry, and locate the GlobalProtect app customization settings.

Open the Windows registry (enter

regedit

in the command prompt) and go to one of the following key locations, depending on when you want to execute scripts (pre/post connect or pre disconnect):

HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-connect

HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connect

HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-disconnect

If the key does not exist within the

Settings

key, create it by right-clicking

Settings

and selecting

New

Key

Enable the GlobalProtect app to run scripts by creating a new String Value named

command

The batch file specified here should contain the specific script (including any parameters passed to the script) that you want run on the device.

If the

command

string does not already exist, create it by right-clicking the

pre-vpn-connect

post-vpn-connect

, or

pre-vpn-disconnect

key, selecting

New

String Value

, and naming it

command

Right click

command

, and then select

Modify

Enter the commands or script that the GlobalProtect app should run. For example:

%userprofile%\pre_vpn_connect.bat c:test_user

(Optional) Add additional registry entries as needed for each command.

Create or modify registry strings and their corresponding values, including

context

timeout

file

checksum

, or

error-msg

. For additional information, see Customizable App Settings.

Deploy App Settings from Msiexec

Deploy Scripts Using Msiexec

GlobalProtect Docs

Deploy Scripts Using the Windows Registry

GlobalProtect Docs

Deploy Scripts Using the Windows Registry

Recommended For You

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner