Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 4

Retrieving client registry data

1) How can ePO be used to retrieve a clients info? Specifically, I'm looking for a computer's DN. I thought ePO could pull registry info, but I'm not seeing where to do this.

2) Can ePO perform actions based on this returned data? I'd like to sort some machines based on the return.

One spot for the DN in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine ==> Distinguished-Name

Thanks for any help or suggestions!


3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Retrieving client registry data

Please bear in mind the primary function of ePO is to manage and report on McAfee installed applications rather than general machine system information.

Having said that sometimes the two do overlap, and in fact if your McAfee entitlement allows you should look for the System Information Reporter (SIR) application that allows you to more generally query system properties, environment variables, registry key values, and other installed software on your managed nodes.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Retrieving client registry data

You could also use the EEDK to create an ePO package that would run a script that copy the value of the key and then populate one of the McAfee custom properties keys. The Agent would then report this back into ePO.You can then also report on it.

We do something very similar here and find it works well.

Level 7
Report Inappropriate Content
Message 4 of 4

Re: Retrieving client registry data

Hey Steve,

I had some thoughts in the past using Distinguished Name or computer groups for ePO, here are some comments that might help:

  1. As you probably know by now, ePO in general and policy assignment rules mostly support AD user group and not computer groups. This is annoying if you want a policy to stick to a machine regardless the user who login.
  2. If you are only looking to sort machines based on DN, I think you can use the Active Directory synchronization and define the containers you want with option " Move systems from their current System Tree location to the synchronized group".
  3. DN originate from AD not registry, therefore, another option is to use an external server backhand that will find the information from AD, export to CSV of host list and using a server task action ("load systems from file") you can apply those systems any action you want based on a schedule.
  4. If you want to read the registry and act on the results you could follow the EEDK path as Schmiewliski suggested and updated the McAfee Agent custom properties.

Good luck

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community