exists value “ProxyEnable” whose (it = 1) of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings” of current user keys (logged on users) of registry
what i wrote was the following (ended up changing it to ProxyServer), but it gives the following return on computers in my analysis
either: error, or not reported
(exists logged on users) and (exists value “ProxyServer” of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings” of current user keys (logged on users) of registry) and (value “ProxyServer” of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings” of current user keys (logged on users) of registry = “someValueThatIWasSearchingFor”)
thanks. I modified your suggestion above to include the ProxyServer and it is providing me the results I expected. I really appreciate your help. Have a great day.
I noticed that I need to check if the ProxyEnable is equal to 1 and if it is then is the ProxyServer value equal to “myvalue” then report True. If not, then report False.
Will this work? I cannot run it in my debugger to check.
if (exists value “ProxyEnable” whose (it = 1) of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings” of current user keys (logged on users) of registry) and (exists value “ProxyServer” whose (it = “myvalue”) of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings” of current user keys (logged on users) of registry) then “True” else “False”
Anytime you find yourself writing a relevance clause in the form:
if (something) then “True” else “False”
You can always simplify your expression by removing the if statement and just returning a boolean instead.
For example, I would re-write your clause like this:
conjunction of ((exists value “ProxyEnable” whose (it = 1) of it AND exists value “ProxyServer” whose (it = “myvalue”) of it) of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings” of current user keys (logged on users) of registry)
Not that yours won’t work, but why waste bytes and microseconds?
hello - i am also looking to find a value which contains specific characters such as a 3 for the following key:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\ with value “OEMDuplicatorString” I am a newby to bigfix and relevance language, I want to return TRUE or FALSE? Any suggestions? The “OEMDuplicatorString” is a Multi_String type.
if value “OEMDuplicatorString” of key “HKEY_LOCAL_MACHINE\SYSTEM\Setup” of registry as string contains “SOE” then (value “OEMDuplicatorString” of key “HKEY_LOCAL_MACHINE\SYSTEM\Setup” of registry as string) else (“NON SOE”)
This seems to do it! Now how do I filter OUT computers which are NON SOE using bigfix?