: Starting with PAN-OS
9.1 and GlobalProtect™ app 5.1 with Content Version 8207-5750.
OS
Support
: Windows only
To prevent users from uninstalling
the GlobalProtect app and getting around the security and compliance
requirements you want to enforce, you can now configure a password
that users must enter in order to uninstall GlobalProtect. After
you set a password on the GlobalProtect portal and configure the
dynamic app configuration to require the password for uninstallation,
when the GlobalProtect app on the Windows endpoint connects to the
portal and fetches the configuration, it saves the uninstall password
settings to the registry.
On the firewall configured to act as the GlobalProtect
portal, select the app configuration.
Select
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
.
Use the
Allow User to Uninstall GlobalProtect
App
option to allow users to uninstall the GlobalProtect
app, prevent them from uninstalling the GlobalProtect app, or allow
them to uninstall if they specify a password you create.
To allow users to uninstall the GlobalProtect app
with no restrictions, select
Allow
.
To prevent users from uninstalling the GlobalProtect app,
select
Disallow
.
To allow users to uninstall the GlobalProtect app with a
password, select
Allow with Password
; then,
in the Uninstall GlobalProtect App section, enter an
Uninstall
Password
and
Confirm Uninstall Password
.
Based
on your configuration, the following values are set in the Windows
registry: Uninstall value = 0 for Allow; Uninstall value = 1 for Disallow;
Uninstall value = 2 for Allow with Password.
In the Uninstall GlobalProtect App section, enter an