How to Collect a Specific System Registry Key in Windows Using the EM Module

Modified on Fri, 1 Aug at 12:53 AM

Overview:

This article outlines the steps to collect specific Windows registry key data from target devices using the Endpoint Management (EM) module. This can help in auditing configuration settings or troubleshooting system behavior across multiple endpoints.

Steps to Collect a Registry Key:

1. Access the EM Module

  • Log in to the Saner CVEM Console.

  • Navigate to the Endpoint Management (EM) module.

  • Click on the “Checks” tab from the left-hand navigation pane.

2. Open the Tools Section

  • Select the “Tools” option to initiate a new registry check.

  • Click on the Registry icon to begin defining your registry query.

3. Define the Registry Collection Rule

Enter the details of the registry key you want to collect:

  • Hive: HKEY_LOCAL_MACHINE

  • Key: SYSTEM\CurrentControlSet\Control\Session Manager\Power

  • Name: HiberBootEnabled

Note: Replace the Key and Name fields as needed, based on the specific registry entry you intend to collect.

4. Select Target Scope

  • Click on “Scope” to choose the target devices.

  • Select the devices from which you want to retrieve registry data.

  • Click the Submit (✓) icon to dispatch the query to the selected devices.

5. Response and Results Handling

  • The query will be executed on the selected devices.

  • Devices that are online and have the specified registry key will return the corresponding values.

Example: If 5 out of 8 devices respond, this indicates that those 5 devices are currently online and contain the requested registry key.

6. Viewing the Results

  • Navigate to the “Results” section within the EM module.

  • You’ll see a list of devices that responded, along with the registry values retrieved from each.

Additional Tips:

  • Ensure that all target devices are powered on and connected to the network before initiating the registry check.

  • If a device does not return any result:

    • Confirm the device is online.

    • Verify that the specified registry key path exists on the target system.
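
A local check for the last tip, as an added example that is not part of the original article or of Saner CVEM. Run in PowerShell on a device that returned no result, it reports whether the key path is missing, the value name is missing, or the value is present. The function name Get-RegistryCheck is hypothetical; the defaults are the Hive, Key and Name from step 3.

```powershell
# Added example: local check of the registry value the EM query collects.
# Get-RegistryCheck is a hypothetical helper name, not part of Saner CVEM.
function Get-RegistryCheck {
    param(
        [string]$Hive = 'HKEY_LOCAL_MACHINE',
        [string]$Key  = 'SYSTEM\CurrentControlSet\Control\Session Manager\Power',
        [string]$Name = 'HiberBootEnabled'
    )

    # The Registry provider accepts the full hive name after "Registry::".
    $path   = "Registry::$Hive\$Key"
    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        Path     = "$Hive\$Key"
        Name     = $Name
        Status   = $null
        Kind     = $null
        Data     = $null
    }

    # Case 1: the key path itself does not exist on this device.
    if (-not (Test-Path -LiteralPath $path)) {
        $result.Status = 'KeyMissing'
        return [pscustomobject]$result
    }

    # Case 2: the key exists but has no value with the requested name.
    $regKey = Get-Item -LiteralPath $path
    if ($regKey.GetValueNames() -notcontains $Name) {
        $result.Status = 'ValueMissing'
        return [pscustomobject]$result
    }

    # Case 3: the value is present; report its registry type and data.
    $result.Status = 'Found'
    $result.Kind   = $regKey.GetValueKind($Name)
    $result.Data   = $regKey.GetValue($Name)
    [pscustomobject]$result
}

Get-RegistryCheck | Format-List
```

Pass -Key and -Name to check a different entry, matching whatever was entered in the registry collection rule.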


If you encounter any issues or need further assistance, please contact SecPod Support.

