1. Home
    2. GlobalProtect
    3. GlobalProtect Administrator's Guide
    4. Set Up the GlobalProtect Infrastructure
    5. Deploy Agent Settings Transparently
    6. Deploy Agent Settings to Windows Endpoints
    7. Deploy Scripts Using the Windows Registry
    End-of-Life (EoL)

    Deploy Scripts Using the Windows Registry

    You can enable deployment of custom scripts to Windows endpoints using the Windows registry.
    You can configure the GlobalProtect agent to initiate and run a script for any or all of the following events: before and after establishing the tunnel, and before disconnecting the tunnel. To run the script at a particular event, reference the batch script from a command registry entry for that event.
    Depending on the configuration settings, the GlobalProtect agent can run a script before and after the agent establishes a VPN tunnel with the gateway, and before the agent disconnects from the VPN tunnel. Use the following workflow to get started using the Windows registry to customize agent settings for Windows clients.
    The registry settings that enable you to deploy scripts are supported in GlobalProtect clients running GlobalProtect agent 2.3 and later releases.
    1. Open the Windows registry, and locate the GlobalProtect agent customization settings.
      Open the Windows registry (enter
      regedit
       in the command prompt) and go to the location of the key depending on when you want to execute scripts (pre/post connect or pre disconnect):
      HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-connect 
HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connect 
HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-disconnect
      If the key does not exist within the
      Settings
       key, create it (right-click
      Settings
       and select
      New
      Key
      ).
    2. Enable the GlobalProtect agent to run scripts by creating a new String Value named
      command
      .
      The batch file specified here should contain the specific script (including any parameters passed to the script) that you want run on the device. For examples, see Windows OS Batch Script Examples.
      1. If the command string does not already exist, create it (right-click the pre-vpn-connect, post-vpn-connect, or pre-vpn-disconnect key, select
        New
        String Value
        , and name it
        command
        ).
      2. Right click command and select
        Modify
        .
      3. Enter the commands or script that the GlobalProtect agent should run. For example:
        %userprofile%\pre_vpn_connect.bat c: test_user
    3. (Optional) Add additional registry entries as needed for each command.
      Create or modify registry strings and their corresponding values, including context, timeout, file, checksum, or error-msg. For additional information, see Customizable Agent Settings.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo