system
1
(imported topic written by SystemAdmin)
Hi All,
Can anyone help me regarding relevance against the Wow6432Node key of the registry. I took at look at postings http://forum.bigfix.com/viewtopic.php?id=3471 and http://forum.bigfix.com/viewtopic.php?id=2058, but did not get the results that I expected.
I have the following relevance:
exist key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs” of x64 registry
and it returns false on a WinXP x64. The actual key path on this machine is “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SharedDefs”
Thanks
BenKus
2
(imported comment written by BenKus)
Try this:
If I am not mistaken, these two queries look in the same place:
-
exist key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs” of registry
-
exist key “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SharedDefs” of x64 registry
So basically “x64 registry” looks at the “real” key and the default “registry” on an x64 system looks at the redirected registry.
Ben
system
3
(imported comment written by SystemAdmin)
Thanks Ben,
Is it possible to search both with one statement or do you have to use put both in the relevance?
BenKus
4
(imported comment written by BenKus)
You will need to write two relevance statements to check both places…
Note you can say “of native registry” and it will check x32 or x64 branches of the registry depending on the architecture…
Ben