Deploy Scripts Using the Windows Registry
You can enable deployment of custom scripts to Windows endpoints using the Windows Registry.
You can configure the GlobalProtect app to initiate and run a script for any or all of the following events: before and after establishing the tunnel, and before disconnecting the tunnel. To run the script at a particular event, reference the batch script from a command registry entry for that event.
Depending on the configuration settings, the GlobalProtect app can run a script before and after the app establishes a connection to the gateway, and before the app disconnects. Use the following workflow to use the Windows Registry to customize app settings for Windows endpoints.
The registry settings that enable you to deploy scripts are supported on endpoints running GlobalProtect App 2.3 and later releases.
- Open the Windows registry, and locate the GlobalProtect
app customization settings.Open the Windows registry (enter regedit in the command prompt) and go to one of the following key locations, depending on when you want to execute scripts (pre/post connect or pre disconnect):HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-connectHKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connectHKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-disconnectIf the key does not exist within the Settings key, create it by right-clicking Settings and selecting NewKey).
- Enable the GlobalProtect app to run scripts by creating
a new String Value named command.The batch file specified here should contain the specific script (including any parameters passed to the script) that you want run on the device.
- If the command string does not already exist, create it by right-clicking the pre-vpn-connect, post-vpn-connect, or pre-vpn-disconnect key, selecting NewString Value, and naming it command).
- Right click command, and then select Modify.
- Enter the commands or script that the GlobalProtect
app should run. For example:
%userprofile%\pre_vpn_connect.bat c: test_user
- (Optional) Add additional registry entries as
needed for each command.Create or modify registry strings and their corresponding values, including context, timeout, file, checksum, or error-msg. For additional information, see Customizable App Settings.
Deploy App Settings to Windows Endpoints
Deploy App Settings to Windows Endpoints Use the Windows Registry or Windows Installer (Msiexec) to transparently deploy the GlobalProtect app and settings to Windows endpoints. ...
Customizable App Settings
Customizable App Settings In addition to pre-deploying the portal address, you can also define the app settings. To Deploy App Settings to Windows Endpoints you ...
Deploy Scripts Using Msiexec
Deploy Scripts Using Msiexec On Windows endpoints, you can use the Windows Installer (Msiexec) to deploy the GlobalProtect app, app settings, and scripts that the ...
Script Deployment Options
Script Deployment Options The following table displays options that enable GlobalProtect to initiate scripts before and after establishing a connection and before disconnecting. Because these ...
Deploy App Settings in the Windows Registry
Deploy App Settings in the Windows Registry You can enable deployment of GlobalProtect app settings to Windows endpoints prior to their first connection to the ...
Deploy Scripts Using the Mac Plist
Deploy Scripts Using the macOS Plist When a user connects to the GlobalProtect gateway for the first time, the GlobalProtect app downloads the configuration file ...
Collect Application and Process Data From Endpoints
Collect Application and Process Data From Endpoints The Windows Registry and macOS plist can be used to configure and store settings for Windows and Mac ...
Enable SSO Wrapping for Third-Party Credentials with the Wi...
Enable SSO Wrapping for Third-Party Credentials with the Windows Registry Use the following steps in the Windows Registry to enable SSO to wrap third-party credentials ...
Remote Access VPN with Pre-Logon
Remote Access VPN with Pre-Logon Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is ...