Pretty Please - I really need this anaylses

(imported topic written by RobertDiRosato)

I need to poll my server endpoints to see if network level authentication is enabled.

I tried these but everything comes back false

If (value

“UserAuthentication”

of key

“HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp”

of registry) = “1” Then “True” Else “False”

If (value

“UserAuthentication”

of key

“HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp”

of registry) = “0x00000001” Then “True” Else “False”

Reg Infon

Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp

Value: UserAuthentication

Data: 1

(Note Data is 1 but i believe it’s stores as a Hex 32 bit DWORD and looks like this 0x00000001)

If you can give me an example like above I’d appreciate it. (Not in Q: A: form thanks)

Basically if that value = 1 then true else false.

Thanks in advance for your help…

(imported comment written by NoahSalzman)

Get rid of the quotes around the 1. The quotes make it a string. You want to compare to a type of integer not string.

q: value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry

A: 1

q: value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry = 1

A: True

q: value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry = “1”

A: False

q: type of value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry

A: REG_DWORD

Also, regarding answers in Q/A form… why not just remove the “Q:” in front of the Relevance? :slight_smile:

(imported comment written by RobertDiRosato)

Thanks …

This worked Thanks to Noah

if (value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry) = 1 then “YES” Else “NO”

I’m new to relevance… So Q: and A: form still leaves a bit of grey area for me…

So I like your example 2 would it be written like this?

if value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry = 1 then “YES” Else “NO”

This is for Analyse… So I assume just removing the Q: would not work and I would have to write it like so…

if (value “BESInstalled” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server” of registry) = 1 then “YES” Else “NO”

It worked thanks

Also thanks for the tip about the difference between 1 and “1”

(imported comment written by RobertDiRosato)

Sorry this is the one that worked…

if (exists value “UserAuthentication” whose (it = 1) of key “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp” of registry) then “ON” else “OFF”

(imported comment written by RobertDiRosato)

Sorry this is the one that worked…

if (exists value “UserAuthentication” whose (it = 1) of key “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp” of registry) then “ON” else “OFF”