Anders_Gustafss
Explorer

How do I do an "or" choice in $FWDIR/conf/local.scv

Hi,

We have been using an SCV registry check on our Windows 10 computers' Mobile VPN clients for some years, but we placed the registry check value in a "bad place", so every time we upgrade Windows 10 the registry is updated and our registry value is deleted.
Now we want to change the registry value to a "safer place" in the registry and want to complement the $FWDIR/conf/local.scv file with an "or" choice so we can push out new Windows 10 images with the updated place in the registry.

So my question is: how do we do an "or" choice between two registry values in $FWDIR/conf/local.scv?

I can't find any examples of how to do this, but I hope it isn't impossible and that someone knows how to do it.

Regards
Anders

0 Kudos
6 Replies
PhoneBoy
Admin

Here's a slightly modified example from: https://community.checkpoint.com/t5/Remote-Access-VPN/Real-World-local-scv-Example/m-p/81381/highlig... 

		: (RegMonitor
			:type (plugin)
			:parameters (
				:begin_or (1)
					:string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=DomainA")
					:string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=DomainB")
				:end (or1)
				:begin_admin (admin)
					:send_log (alert)
					:mismatchmessage ("Must be member of DomainA or DomainB")
				:end (admin)
			)
		)

 

0 Kudos
Anders_Gustafss
Explorer

Many thanks, PhoneBoy, you made my day 🙂

0 Kudos
Air
Contributor

Hello,

Can you help?

I want to check two different options in RegMonitor and write a different message for each option.

Example: 1. check the domain and 2. our own record in the registry.

And if 1 passes and 2 doesn't pass, then send the message about option 2. If both options mismatch, then two different messages:

 



 

  : (RegMonitor
    :type (plugin)
    :string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=def.domain")
    :begin_admin (admin)
      :send_log (alert)
      :mismatchmessage ("Your computer doesn't meet the domain membership requirements. Domain must be def.domain")
    :end (admin)
    :string ("SOFTWARE\WOW6432Node\Security Status=Red")
    :begin_admin (admin)
      :send_log (alert)
      :mismatchmessage ("Your computer Status Red. Please update status to Green.")
    :end (admin)
  )

 

0 Kudos
PhoneBoy
Admin

For that, I believe you need two RegMonitor stanzas

  : (RegMonitor
    :type (plugin)
    :parameters (
       :string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=DomainA")
       :begin_admin (admin)
         :send_log (alert)
         :mismatchmessage ("Must be member of DomainA")
       :end (admin)
    )
  )
  : (RegMonitor
    :type (plugin)
    :parameters (
      :string ("SOFTWARE\WOW6432Node\Security Status=Red")
      :begin_admin (admin)
        :send_log (alert)
        :mismatchmessage ("Change computer status to Green")
      :end (admin)
    )
  )

 

 

0 Kudos
Air
Contributor

Unfortunately, it doesn't work

 

 

0 Kudos
PhoneBoy
Admin

What is the precise behavior that occurs?
What do you see when you try and debug scv?
Follow the steps here: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_PerformanceTuning_AdminGuide/Topic... 
For the debug flags (Step 8), I believe you'll need fw ctl debug -m fw + scv

TAC may have other suggestions here.

0 Kudos
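
A structural pre-check for a local.scv fragment before it is installed, as an added example (not code from this thread or from Check Point). It assumes the layout seen in the snippets above, with parenthesized entries and one double-quoted value per line; the ExampleCorp registry paths and the `lint_scv` helper are hypothetical.

```python
import re

# Constructed sample (hypothetical ExampleCorp paths) with two deliberate defects:
# an embedded quote in the second :string and a missing final ')'.
SAMPLE = r'''
: (RegMonitor
    :type (plugin)
    :parameters (
        :begin_or (or1)
            :string ("SOFTWARE\ExampleCorp\Compliance\Status=OK")
            :string ("SOFTWARE\ExampleCorp\Legacy Status="OK")
        :end (or1)
        :begin_admin (admin)
            :send_log (alert)
            :mismatchmessage ("Compliance marker missing (contact IT)")
        :end (admin)
    )
'''

def lint_scv(text):
    """Return sorted (line_number, message) findings for a local.scv fragment."""
    findings, parens, blocks = [], [], []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        # Assumption: each value is one double-quoted string, so 0 or 2 quotes per line.
        if stripped.count('"') not in (0, 2):
            findings.append((no, "embedded or unbalanced double quote"))
        # Ignore parentheses inside quoted text, e.g. in a mismatch message.
        for ch in re.sub(r'"[^"]*"', "", stripped):
            if ch == "(":
                parens.append(no)
            elif ch == ")":
                if parens:
                    parens.pop()
                else:
                    findings.append((no, "')' without matching '('"))
        # Track :begin_* / :end nesting only; block names are not compared.
        if re.match(r":begin_\w+", stripped):
            blocks.append(no)
        elif re.match(r":end\b", stripped):
            if blocks:
                blocks.pop()
            else:
                findings.append((no, ":end without :begin_*"))
    findings += [(no, "'(' never closed") for no in parens]
    findings += [(no, ":begin_* never closed") for no in blocks]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_scv(SAMPLE):
        print(f"line {no}: {msg}")
```

A clean result only means the fragment is structurally consistent; whether the gateway and client accept the policy still has to be confirmed with the SCV debug described above.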
