Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1688
Views
5
Helpful
4
Replies

ISE and Windows Registries

Go to solution
jdurkin
Cisco Employee
Cisco Employee

‎11-09-2018 08:15 AM

Hi, 

 
1. Can ISE check the windows registry setting via Bitlocker for TPM?
 
2. Can ISE check the windows registry setting if Boot Password is Set? 
 
Thank you, 
Jim 
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎11-11-2018 05:59 AM

Hello Jim, 

 

From ISE , you can create a posture condition for registry check. however, you have to be absolutely sure about the registry check you want to perform. 

For Bitlocker, you might want to look under HKLM\Software\Microsoft\Windows\CurrentVersion\Bitlocker

Bios is not available through Windows. hence I doubt there is a registry entry for it which ISE can check.

I googled and found that wmi calls and vb scripts have been used to get this information. but again, this is out of ISE scope. 

 

Hope this helps. 

 

Thanks,

Nidhi

View solution in original post

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to dbredben

‎11-12-2018 11:16 AM

Please reach out internally. As I understand several TME and PM have already been involved. This is a public community. Please remove customer name from the posting.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎11-11-2018 05:58 AM

Hello Jim, 

 

From ISE , you can create a posture condition for registry check. however, you have to be absolutely sure about the registry check you want to perform. 

For Bitlocker, you might want to look under HKLM\Software\Microsoft\Windows\CurrentVersion\Bitlocker

Bios is not available through Windows. hence I doubt there is a registry entry for it which ISE can check.

I googled and found that wmi calls and vb scripts have been used to get this information. but again, this is out of ISE scope. 

 

Hope this helps. 

 

Thanks,

Nidhi

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎11-11-2018 05:59 AM

Hello Jim, 

 

From ISE , you can create a posture condition for registry check. however, you have to be absolutely sure about the registry check you want to perform. 

For Bitlocker, you might want to look under HKLM\Software\Microsoft\Windows\CurrentVersion\Bitlocker

Bios is not available through Windows. hence I doubt there is a registry entry for it which ISE can check.

I googled and found that wmi calls and vb scripts have been used to get this information. but again, this is out of ISE scope. 

 

Hope this helps. 

 

Thanks,

Nidhi

Go to solution
dbredben
Cisco Employee
Cisco Employee
In response to Nidhi

‎11-12-2018 11:02 AM - edited ‎11-12-2018 11:21 AM

Nidhi,  Are you able to get on a call to discuss?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to dbredben

‎11-12-2018 11:16 AM

Please reach out internally. As I understand several TME and PM have already been involved. This is a public community. Please remove customer name from the posting.
0 Helpful
Customers Also Viewed These Support Documents