GlobalProtect
Deploy Scripts Using the Windows Registry
Table of Contents
Deploy Scripts Using the Windows Registry
You can enable deployment of custom scripts
to Windows endpoints using the Windows Registry.
You can configure
the GlobalProtect app to initiate and run a script for any or all
of the following events: before and after establishing the tunnel,
and before disconnecting the tunnel. To run the script at a particular
event, reference the batch script from a command registry entry
for that event.
Depending on the configuration settings, the
GlobalProtect app can run a script before and after the app establishes
a connection to the gateway, and before the app disconnects. Use
the following workflow to use the Windows Registry to customize
app settings for Windows endpoints.
The registry settings
that enable you to deploy scripts are supported on endpoints running
GlobalProtect App 2.3 and later releases.
- Open the Windows registry, and locate the GlobalProtect app
customization settings.Open the Windows registry (enter regedit in the command prompt) and go to one of the following key locations, depending on when you want to execute scripts (pre/post connect or pre disconnect):HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-connectHKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connectHKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-disconnectIf the key does not exist within the Settings key, create it by right-clicking Settings and selecting ).
- Enable the GlobalProtect app to run scripts by creating
a new String Value named command.The batch file specified here should contain the specific script (including any parameters passed to the script) that you want run on the device.
- If the command string does not already exist, create it by right-clicking the pre-vpn-connect, post-vpn-connect, or pre-vpn-disconnect key, selecting , and naming it command).
- Right click command, and then select Modify.
- Enter the commands or script that the GlobalProtect
app should run. For example:
%userprofile%\pre_vpn_connect.bat c:test_user![]()
- (Optional) Add additional registry entries as
needed for each command.Create or modify registry strings and their corresponding values, including context, timeout, file, checksum, or error-msg. For additional information, see Customizable App Settings.
