Deploy Scripts Using the Windows Registry
You can enable deployment of custom scripts to Windows endpoints using the Windows registry.
You can configure the GlobalProtect agent to initiate and run a script for any or all of the following events: before and after establishing the tunnel, and before disconnecting the tunnel. To run the script at a particular event, reference the batch script from a command registry entry for that event.
Depending on the configuration settings, the GlobalProtect agent can run a script before and after the agent establishes a VPN tunnel with the gateway, and before the agent disconnects from the VPN tunnel. Use the following workflow to get started using the Windows registry to customize agent settings for Windows clients.
The registry settings that enable you to deploy scripts are supported in GlobalProtect clients running GlobalProtect agent 2.3 and later releases.
- Open the Windows registry, and locate the GlobalProtect
agent customization settings.Open the Windows registry (enter regedit in the command prompt) and go to the location of the key depending on when you want to execute scripts (pre/post connect or pre disconnect):
HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-connect HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connect HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-disconnectCode copied to clipboardUnable to copy due to lack of browser support.If the key does not exist within the Settings key, create it (right-click Settings and select NewKey).
- Enable the GlobalProtect agent to run scripts by creating
a new String Value named command.The batch file specified here should contain the specific script (including any parameters passed to the script) that you want run on the device. For examples, see Windows OS Batch Script Examples.
- If the command string does not already exist, create it (right-click the pre-vpn-connect, post-vpn-connect, or pre-vpn-disconnect key, select NewString Value, and name it command).
- Right click command and select Modify.
- Enter the commands or script that the GlobalProtect
agent should run. For example:
%userprofile%\pre_vpn_connect.bat c: test_userCode copied to clipboardUnable to copy due to lack of browser support.
- (Optional) Add additional registry entries as needed
for each command.Create or modify registry strings and their corresponding values, including context, timeout, file, checksum, or error-msg. For additional information, see Customizable Agent Settings.
Deploy Agent Settings to Windows Endpoints
Deploy Agent Settings to Windows Endpoints Use Windows registry or the Windows Installer (Msiexec) to deploy the GlobalProtect agent and settings to Windows clients transparently. ...
Windows OS Batch Script Examples
Windows OS Batch Script Examples You can configure the GlobalProtect agent to initiate and run a script for any or all of the following events: ...
Deploy Scripts Using Msiexec
Deploy Scripts Using Msiexec On Windows endpoints, you can use the Windows Installer (Msiexec) to deploy the agent, agent settings, and scripts that the agent ...
Script Deployment Options
Script Deployment Options The following table displays options that enable GlobalProtect to initiate scripts before and after establishing a VPN tunnel and before disconnecting a ...
Deploy Agent Settings in the Windows Registry
Deploy Agent Settings in the Windows Registry You can enable deployment of GlobalProtect agent settings to Windows clients prior to their first connection to the ...
Deploy Scripts Using the Mac Plist
Deploy Scripts Using the Mac Plist When a user connects to the GlobalProtect gateway for the first time, the GlobalProtect agent downloads a configuration file ...
Example: Use Msiexec to Deploy Scripts that Run Before a Co...
Example: Use Msiexec to Deploy Scripts that Run Before a Connect Event For a script that you can copy and paste, go here . msiexec.exe ...
Customizable Agent Settings
Customizable Agent Settings In addition to pre-deploying the portal address, you can also define the agent configuration settings. To Deploy Agent Settings to Windows Endpoints ...
Customize the GlobalProtect Agent
Customize the GlobalProtect Agent The portal agent configuration allows you to customize how your end users interact with the GlobalProtect agents installed on their systems ...