Need assistance with an Analysis

Hi everyone, can I get help with an Analysis that would tell me if the dword value is anything OTHER THAN 00000000?

I just want an analysis that tells me if this value of 00000000 has changed on any machine.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"EnableMulticast"=dword:00000000

For example, if 00000000 has changed to 00000001 or anything other than 00000000, then the report would show as such.

Any help would be appreciated.

Thanks.

Sno

(exists value "EnableMulticast" whose (0 != it as integer) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" of native registry)
3 Likes

Thanks, but I get an error on this that says “single expression refers to nonexistent object.”

Then the key doesn’t exist. You can use this to get either condition:

(NOT exists value "EnableMulticast" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" of native registry) OR (exists value "EnableMulticast" whose (0 != it as integer) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" of native registry)
2 Likes

I might be a little confused, but the original ask could mean a few things.

I think we’re looking for the case where Multicast DNS name resolution is enabled, which means the registry value is present and set to a non-zero value.

The “Good” state then is either for the key to be missing, or be present and set to 0.

I think a variation on @baynes74's original relevance may be simpler… changing to plurals ‘keys’ and ‘values’: if the value is not present or set to zero, this returns False (i.e. Not Relevant). If the value is present and set to a non-zero value, this returns True (i.e. Relevant).

(exists values "EnableMulticast" whose (0 != it as integer) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" of native registry)
1 Like
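
A local cross-check for the relevance discussed in this thread, as an added example that is not from any poster or from BigFix: a PowerShell function that classifies the state of the value on one machine and reports which of the two behaviours described in the replies would flag it. The function name, state labels and output property names are hypothetical; the key path and value name are the ones from the question.

```powershell
# Added example (not from the thread): classify the EnableMulticast policy value.
# Function name, state labels and property names are illustrative assumptions.
function Get-EnableMulticastState {
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient',
        [string]$ValueName = 'EnableMulticast'
    )

    $data = $null
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # The case that produced the "nonexistent object" error in the thread.
        $state = 'KeyMissing'
    }
    else {
        $key = Get-Item -LiteralPath $KeyPath
        if ($key.GetValueNames() -notcontains $ValueName) {
            # Key is there, but the policy value was never written.
            $state = 'ValueMissing'
        }
        else {
            $data = $key.GetValue($ValueName)
            try {
                $state = if ([int64]$data -eq 0) { 'Zero' } else { 'NonZero' }
            }
            catch {
                # Value exists but is not a number (unexpected registry type).
                $state = 'NotInteger'
            }
        }
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        State             = $state
        Data              = $data
        # Behaviour of the "either condition" reply: absent OR non-zero.
        AbsentOrNonZero   = $state -in 'KeyMissing', 'ValueMissing', 'NonZero'
        # Behaviour described in the last reply: present AND non-zero only.
        PresentAndNonZero = $state -eq 'NonZero'
    }
}

Get-EnableMulticastState | Format-List
```

Run it from a 64-bit PowerShell session so it reads the same registry view that "native registry" refers to in the relevance.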