3 Replies Latest reply on Apr 21, 2015 5:56 AM by akucyn

    Retrieving client registry data


      1) How can ePO be used to retrieve a clients info? Specifically, I'm looking for a computer's DN. I thought ePO could pull registry info, but I'm not seeing where to do this.


      2) Can ePO perform actions based on this returned data? I'd like to sort some machines based on the return.


      One spot for the DN in the registry:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine ==> Distinguished-Name


      Thanks for any help or suggestions!


        • 1. Re: Retrieving client registry data

          Please bear in mind the primary function of ePO is to manage and report on McAfee installed applications rather than general machine system information.


          Having said that sometimes the two do overlap, and in fact if your McAfee entitlement allows you should look for the System Information Reporter (SIR) application that allows you to more generally query system properties, environment variables, registry key values, and other installed software on your managed nodes.

          • 2. Re: Retrieving client registry data
            Steve Chmiewliski

            You could also use the EEDK to create an ePO package that would run a script that copy the value of the key and then populate one of the McAfee custom properties keys. The Agent would then report this back into ePO.You can then also report on it.

            We do something very similar here and find it works well.

            • 3. Re: Retrieving client registry data

              Hey Steve,


              I had some thoughts in the past using Distinguished Name or computer groups for ePO, here are some comments that might help:

              1. As you probably know by now, ePO in general and policy assignment rules mostly support AD user group and not computer groups. This is annoying if you want a policy to stick to a machine regardless the user who login.
              2. If you are only looking to sort machines based on DN, I think you can use the Active Directory synchronization and define the containers you want with option " Move systems from their current System Tree location to the synchronized group".
              3. DN originate from AD not registry, therefore, another option is to use an external server backhand that will find the information from AD, export to CSV of host list and using a server task action ("load systems from file") you can apply those systems any action you want based on a schedule.
              4. If you want to read the registry and act on the results you could follow the EEDK path as Schmiewliski suggested and updated the McAfee Agent custom properties.


              Good luck