Create a Post
Showing results for 
Search instead for 
Did you mean: 

SCV RegMonitor matching DWORD values

Does anyone know how to correctly match REG_DWORD values in SCV (Secure Configuration Verification)?
While matching REG_SZ values is working fine for me using the following syntax:

 :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion>=6.3")

 ... matching the new Windows Version values which are REG_DWORD does not work:

 :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMajorVersionNumber==10")
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMinorVersionNumber>=0")

I also tried using :value instead of :string but it made no difference.

What I'm also interested in is how the >= operator is exactly working with non numeric values like in DisplayVersion which looks like "20H2".

The previously used keys CurrentVersion and ReleaseId seem not to be updated by Windows anymore since they are still 6.3 and 2009 on my Windows 10 machine.

If there is a better way to prevent older windows versions to connect its also welcome. I just have not figured out yet how  OsMonitor does work since begin_and/begin_or are not allowed in this section.

Final aim is to prevent clients lower than Win10 21H1 to connect.

Thanks, Bernhard

0 Kudos
1 Reply

Pretty sure you can only use >= with things that have a numeric value, at least based on the documentation:

If you're checking major version, this is the way to do it:

0 Kudos