Uninstall Option for GlobalProtect

Software Support
: Starting with PAN-OS 9.1 and GlobalProtect™ app 5.1 with Content Version 8207-5750.
OS Support
: Windows only
To prevent users from uninstalling the GlobalProtect app and getting around the security and compliance requirements you want to enforce, you can now configure a password that users must enter in order to uninstall GlobalProtect. After you set a password on the GlobalProtect portal and configure the dynamic app configuration to require the password for uninstallation, when the GlobalProtect app on the Windows endpoint connects to the portal and fetches the configuration, it saves the uninstall password settings to the registry.
  1. On the firewall configured to act as the GlobalProtect portal, select the app configuration.
    Select
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    .
  2. Use the
    Allow User to Uninstall GlobalProtect App
    option to allow users to uninstall the GlobalProtect app, prevent them from uninstalling the GlobalProtect app, or allow them to uninstall if they specify a password you create.
    • To allow users to uninstall the GlobalProtect app with no restrictions, select
      Allow
      .
    • To prevent users from uninstalling the GlobalProtect app, select
      Disallow
      .
    • To allow users to uninstall the GlobalProtect app with a password, select
      Allow with Password
      ; then, in the Uninstall GlobalProtect App section, enter an
      Uninstall Password
      and
      Confirm Uninstall Password
      .
      Based on your configuration, the following values are set in the Windows registry: Uninstall value = 0 for Allow; Uninstall value = 1 for Disallow; Uninstall value = 2 for Allow with Password.
  3. In the Uninstall GlobalProtect App section, enter an
    Uninstall Password
    and
    Confirm Uninstall Password
    .
  4. Click
    OK
    twice.
  5. Commit
    the configuration.

Recommended For You