Registry Key Check

Automatically adjust Trust Levels and enforce security policies based on whether specific registry keys match their defined values on Windows devices

  • Updated on May 21, 2024

Registry Key Check Overview

Security policies often require that devices match certain configurations. One method of checking configurations is to evaluate a registry key’s value pairs. Using the Registry Key Check Trust Factor, admins can establish a list of keys with corresponding values required on devices in their organization. This Trust Factor supports Windows devices only.

Registry Key Overview

Adding a registry key to the Registry Key Check Trust Factor requires that admins enter the registry key’s location (i.e., the file path). The registry key path refers to the absolute path. A registry key must contain a key and a value associated with that key.

Matching Value Syntax

| Registry Key Value Type | REG Query Response Format |
|---|---|
| REG_BINARY | String requires all uppercase letters |
| REG_DWORD | Hexadecimal starting with 0x (e.g., 0xabcdef0123456789) |
| REG_QWORD | Hexadecimal starting with 0x (e.g., 0xabcdef0123456789) |
| REG_EXPAND_SZ | String (no change) |
| REG_MULTI_SZ | String \0 separated (e.g., login.live.com\0login.microsoft.com\0login.microsoftonline.com) |
| REG_SZ | String (no change) |

In each example below, the value data returned by reg query (highlighted in orange font) is what admins would enter as the value when configuring a registry key for the Registry Key Check Trust Factor.

Obtaining a REG_QWORD

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallTime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    InstallTime    REG_QWORD    0x1d8ea1fe663f985

Obtaining a REG_BINARY

reg query "HKLM\SYSTEM\Software\Microsoft\TIP\AggregateResults" /v timestamp

HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults
    timestamp    REG_BINARY    C0AB006400000000

Obtaining a REG_MULTI_SZ

reg query "HKLM\SOFTWARE\Microsoft\Windows\TenantRestrictions\TenantRestrictionsList" /v Hostnames

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\TenantRestrictions\TenantRestrictionsList
    Hostnames    REG_MULTI_SZ    login.live.com\0login.microsoft.com\0login.microsoftonline.com\0login.windows.net\0login.microsoftonline.us\0login.microsoftonline.de\0login.chinacloudapi.cn
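
PowerShell's own registry cmdlets return integers in decimal and binary data as byte arrays, which do not match the REG Query Response Format in the table above. The following added example (not part of the product or its documentation) reads a value from a reference device and renders it in that format; the function name Get-RegQueryFormattedValue and its parameters are hypothetical.

```powershell
# Added example: render a registry value in the "REG Query Response Format"
# described in the Matching Value Syntax table. The function name and
# parameters are illustrative and not part of any product.
function Get-RegQueryFormattedValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,  # PowerShell registry path, e.g. 'HKLM:\SOFTWARE\...'
        [Parameter(Mandatory)][string]$Name   # value name, e.g. 'InstallTime'
    )

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    if ($key.GetValueNames() -notcontains $Name) {
        throw "Value '$Name' not found under $Path"
    }

    $kind = $key.GetValueKind($Name)
    # Do not expand %VARIABLES%, so REG_EXPAND_SZ is returned as stored ("no change").
    $opts = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $raw  = $key.GetValue($Name, $null, $opts)

    $text = switch ($kind.ToString()) {
        # REG_BINARY: hex string, all uppercase, no separators
        'Binary'       { [System.BitConverter]::ToString($raw) -replace '-', '' }
        # REG_DWORD / REG_QWORD: lowercase hex prefixed with 0x, as reg query prints it
        'DWord'        { '0x{0:x}' -f $raw }
        'QWord'        { '0x{0:x}' -f $raw }
        # REG_MULTI_SZ: entries joined by the literal two characters \0
        'MultiString'  { $raw -join '\0' }
        # REG_SZ / REG_EXPAND_SZ: string unchanged
        'String'       { $raw }
        'ExpandString' { $raw }
        default        { throw "Unsupported registry value type: $kind" }
    }

    [pscustomobject]@{ Path = $Path; Name = $Name; Type = $kind; Value = $text }
}

# Usage on a reference device:
# Get-RegQueryFormattedValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name InstallTime
```

Compare the Value field with the output of the corresponding reg query command before entering it in a Trust Profile.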

How to add a registry key to the Registry Key Check Trust Factor

1. In the Command Center, navigate to Trust > Profiles. Then, select the Registry Key Check Trust Factor on an existing Trust Profile, and select + Add Registry Key.

2. Enter a registry key name.

3. Enter a file path. The file path can be set relative to the root.

4. Enter a key and a corresponding value.

5. Select Save.

How to edit or delete a registry key from the Registry Key Check Factor

1. Navigate to an existing Trust Profile and then to its Trust Factors tab.

2. To delete a selected registry key, locate the Registry Key Check factor, hover over the selected property list name, and select the x.

3. To edit a selected registry key, locate the Registry Key Check factor, hover over the selected property list name, and select the name. This will allow you to modify the registry key name, the file path, the key, and/or the value.