: Starting with PAN-OS
9.1 and GlobalProtect™ app 5.1 with Content Version 8207-5750.
: Windows only
To prevent users from uninstalling
the GlobalProtect app and getting around the security and compliance
requirements you want to enforce, you can now configure a password
that users must enter in order to uninstall GlobalProtect. After
you set a password on the GlobalProtect portal and configure the
dynamic app configuration to require the password for uninstallation,
when the GlobalProtect app on the Windows endpoint connects to the
portal and fetches the configuration, it saves the uninstall password
settings to the registry.
On the firewall configured to act as the GlobalProtect
portal, select the app configuration.
Allow User to Uninstall GlobalProtect
option to allow users to uninstall the GlobalProtect
app, prevent them from uninstalling the GlobalProtect app, or allow
them to uninstall if they specify a password you create.
To allow users to uninstall the GlobalProtect app
with no restrictions, select
To prevent users from uninstalling the GlobalProtect app,
To allow users to uninstall the GlobalProtect app with a
Allow with Password
in the Uninstall GlobalProtect App section, enter an
Confirm Uninstall Password
on your configuration, the following values are set in the Windows
registry: Uninstall value = 0 for Allow; Uninstall value = 1 for Disallow;
Uninstall value = 2 for Allow with Password.
In the Uninstall GlobalProtect App section, enter an