Windows Registry Lookup

I want to get the onboarding information from the registry but for some reason it’s failing on the key. I have used PsExec to launch Fixlet Debugger as the System account and it still fails.

I can get as far as Microsoft before it starts to fail.

What am I doing wrong?

The BigFix client is a 32-bit app, so calls to “registry” for “HKLM\Software” will be subject to WOW64 redirection to the 32-bit hive, HKLM\Software\Wow6432Node. To inspect the 64-bit hive, either use the “native registry” inspector or inspect both the x32 and x64 hives.

Q: exists key "HKLM\Software\Microsoft\Windows Advanced Threat Protection\Status" of native registry
A: True
T: 0.188 ms
I: singular boolean

Q: exists key "HKLM\Software\Microsoft\Windows Advanced Threat Protection\Status" of (x32 registries ; x64 registries)
A: True
T: 0.122 ms
I: singular boolean
2 Likes

That works. So I expanded this.
(value "OnboardingState" of it as string) of key "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status" of (x32 registries ; x64 registries)

How do I make it return True for 1 and False for 0 instead of the number?

exists values "OnboardingState" whose (it as string = "1") of keys "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status" of (x32 registries ; x64 registries)

edit: fixed doublequotes

2 Likes
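
An added example, not part of the original thread: a PowerShell cross-check that opens the same key through the 32-bit and 64-bit registry views explicitly, so the result does not depend on the bitness of the calling process, and reports True/False the way the relevance above does. The function name `Get-OnboardingStateByView` is hypothetical; the key path and value name are the ones quoted in the thread.

```powershell
# Added example: read OnboardingState through both registry views.
# Key path and value name come from the thread; the function name is hypothetical.
function Get-OnboardingStateByView {
    param(
        [string]$SubKey    = 'SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status',
        [string]$ValueName = 'OnboardingState'
    )

    $views = [Microsoft.Win32.RegistryView]::Registry32,
             [Microsoft.Win32.RegistryView]::Registry64

    foreach ($view in $views) {
        # OpenBaseKey selects the view explicitly, so a 32-bit host is not
        # silently redirected to HKLM\Software\Wow6432Node.
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        $key = $null
        try {
            $key = $base.OpenSubKey($SubKey)   # $null when the key is absent in this view
            $raw = if ($key) { $key.GetValue($ValueName, $null) } else { $null }

            [pscustomobject]@{
                View      = $view
                KeyExists = [bool]$key
                RawValue  = $raw
                # Compare as a string, as the relevance in the thread does,
                # so a REG_DWORD 1 and a REG_SZ "1" both count as onboarded.
                Onboarded = ($null -ne $raw) -and ("$raw" -eq '1')
            }
        }
        finally {
            if ($key) { $key.Dispose() }
            $base.Dispose()
        }
    }
}

Get-OnboardingStateByView | Format-Table -AutoSize
```

A row with `KeyExists` False for `Registry32` and True for `Registry64` is the redirection described in the first answer.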

Oh, duh… I was making it way too complex. Thank you both.

2 Likes