Deploy Agent Settings in the Windows Registry

You can enable deployment of GlobalProtect agent settings to Windows clients prior to their first connection to the GlobalProtect portal by using the Windows registry. Use the options described in the following table to begin using the Windows registry to customize agent settings for Windows clients.
In addition to using Windows registry to deploy GlobalProtect agent settings, you can enable the GlobalProtect agent to collect specific Windows registry information from Windows clients. You can then monitor the data and add it to a security rule as matching criteria. Device traffic that matches registry settings you have defined can be enforced according to the security rule. Additionally, you can set up custom checks to Collect Application and Process Data From Clients.
  • Locate the GlobalProtect agent customization settings in the Windows registry.
    Open the Windows registry (enter
    regedit
    at the command prompt) and go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\
  • Set the portal name.
    If you do not want the user to manually enter the portal address even for the first connection, you can pre-deploy the portal address through the Windows registry: (
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup
    with key
    Portal
    ).
    portal-registry.png
  • Deploy various settings to the Windows client from the Windows registry, including configuring the connect method for the GlobalProtect agent and enabling single sign-on (SSO).
    View Customizable Agent Settings for a full list of the commands and values you can set up using the Windows registry.
  • Enable the GlobalProtect agent to wrap third-party credentials on the Windows client, allowing for SSO when using a third-party credential provider.

Related Documentation