To get to this page: Select Controls from the left menu. Go to New > Control. Click Get Started for the Registry Value Content Check control type. (Or click edit for any control of this type you want to change.)

New/Edit Control: Registry Value Content Check (Windows)

The Registry Value Content Check control type checks the content of a Windows registry value. The control value may be a Boolean value (True or False), an integer value, a string value or a string list.

 

General Information

In the General Information section, provide basic information for the control, including a control statement and category. See General Information for details.

 

Scan Parameters

In the Scan Parameters section, specify the scan parameters that the scanning engine will use to gather data for the control. The scan parameters combined make up a single data point. You must also enter a description for the data point, which will appear in compliance policies and reports.

Registry Hive

A registry hive is a top level registry key predefined by the Windows system to store registry keys, subkeys and values for specific objectives. All registry hives begin with HKEY and appear as file folders at the top level on the left hand side of the Registry Editor window.

These common hives are supported in custom controls:

HKEY_CLASSES_ROOT (HKCR). This hive contains information about registered applications, such as Associations from File Extensions and OLE Object Class IDs tying them to the applications used to handle these items. The information stored here ensures that the correct program opens when you open a file by using Windows Explorer. HKEY_CLASSES_ROOT is a subkey of HKEY_LOCAL_MACHINE\Software.

HKEY_CURRENT_USER (HKCU). This hive contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is referred to as a user's profile. HKEY_CURRENT_USER is a subkey of HKEY_USERS.

HKEY_USERS (HKU). This hive contains the root of all user profiles on the computer.

HKEY_LOCAL_MACHINE (HKLM). This hive contains configuration information particular to the computer. The information stored here is general to all users on the computer.

Registry Key

A registry key appears as a file folder on the left side of the Registry Editor window. Registry keys may contain registry subkeys, which are keys within a key. Subkeys also appear as file folders on the left side of the Registry Editor window.

NAME. Enter the name of the registry value as it appears in the Name column in the Registry Editor window. If you do not specify a registry value name, then the service will check the content of the default value for the specified registry key. The default value appears as (Default) in the Name column in the Registry Editor window.

Data Type. (View only) The data type of the value returned by the scanning engine. For a registry value content check control this is set to "Boolean" by default.

Description. Enter a description for the custom control which will appear in compliance policies and reports.

Click Add Parameters to add parameters and close the Scan Parameters window. You will notice the Edit Parameters button is available. Click this button to edit parameters before saving the control.

See also:

Add/Edit Scan Parameters in a New Control

Update the Data Point Description in an Existing Control

 

Control Technologies

In the Control Technologies section, identify the technologies applicable to the control. For each technology, provide a rationale statement, select a cardinality (if applicable), select an operator, and set the default control value.

Rationale

Enter a rationale statement describing how the control should be implemented for each technology.

Cardinality (only applicable for the String List data type)

Select a cardinality. Several cardinality options appear as shown in the table below. X represents the value returned by the scanning engine and Y represents the expected value defined for the control.

cardinality

you are compliant when

contains

X contains all of Y

does not contain

X does not contain any of Y

matches

all strings in X match all strings in Y (listed in any order)

intersects

any string in X matches any string in Y

is contained in

all strings in X are contained in Y

 

Select the Lock Cardinality option to lock the cardinality. When locked, users cannot change the cardinality in the Policy Editor.

Operator

Select an operator. The operator options that appear depend on the specified data type: String, String List or Integer. Note that there are no operator options for the Boolean data type.

String. The only operator option available is "regular expression". You must specify the default value as a regular expression. The string value returned in the scan results will be compared to the regular expression defined for the control to determine the pass/fail status.

String List. Select the operator "regular expression list" if you are specifying the default value as a list of regular expressions that you want to compare the results to. Select the operator "string list" if you are specifying the default value as a list of string values that you want to compare the results to.  

Integer. Several operator options appear as shown in the table below. X represents the value returned by the scanning engine and Y represents the expected value defined for the control.

operator

you are compliant when

less than

X is less than Y

less than or equal to

X is less than or equal to Y

greater than

X is greater than Y

greater than or equal to

X is greater than or equal to Y

not equal to

X is not equal to Y

in

X is in Y

 

Select the Lock Operator option to lock the operator. When locked, users cannot change the operator in the Policy Editor.

Default Value

Specify the default expected value for each technology. Select True or False for the Boolean data type, enter an integer value (whole number) for the Integer data type, enter a regular expression for the String data type, or enter a list of string values or regular expressions for the String List data type. When entering multiple values for the String List data type, enter each value on a separate line.

When using the "in" operator for the Integer data type, you may enter a list of integers for the default value. When entering a list of integers, separate each integer with a colon (:). For example, enter 1:2:3:4. If the scan results return a "2" then you Pass because the 2 is in the list of integers defined for the control. If the scan results return a "7" then you Fail because the 7 is not in the list of integers defined for the control.

Select the Lock Value option to lock the default value. When locked, users cannot change the default value in the Policy Editor.

Regular Expression: See Regular Expression Symbols for standard symbols and their meanings. The compliance module implements Perl Compatible Regular Expressions (PCRE) following the PCRE standard. For information on this standard, go to http://www.pcre.org/. For information on building proper regular expressions for controls using this standard, go to http://perldoc.perl.org/perlre.html. Note that users should escape special characters in PCRE regular expressions for string matching to occur correctly:

( ) [ ] | ^ $ -

For example, to match the string "(cs" you must enter "\(cs" (add backslash before the special character).

 

References

In the References section, add or remove references to internal policies and documents. See References for details.