Check if a Registry value Exists using the Desired Configuration Monitoring Solution
The Desired Configuration Monitoring Solution (DCM Solution) ignores any rules under a Setting if the Setting does not exist. Let us take the case where you are trying to figure out the data of a registry value and do a compliance check on the same. If the registry value does not exist at all, it might be alarming to you. However, the DCM Solution does not warn you if the registry value was missing. But then what happens to the rule you created to check for the registry value? Well, it’s pretty simple. The rule is ignored. The DCM engine has been written in such a way, that it ignores any rules under a Setting if the Setting were not found. This is by design.
So, it is a best practice to always check for the existence of the setting before checking for its compliance. That way, you can be sure that if the registry value was not found, you would be alerted! Now, how do you check for the Existence of a Registry value? That’s a good question! You should have come across a function called Exists in the Query Builder screen while creating an Active Rule under a WMI data source / Setting pair. However, that is completely specific to checking for existence of hot fixes in the WMI. Using that, you cannot check for Registry Value Existence. You would need to create a Count Rule to check for the Existence. This is how you would do it:
Create a Registry data source as follows:
Name: Reg DS
Hive Name: HKEY_LOCAL_MACHINE
Key Name: SOFTWARE\Microsoft\Windows\CurrentVersion
Create a Setting under the Registry data source as follows:
Registry Value: ProductId
Create an Active Rule to check if the Registry Value Exists!
Rule Name: CheckForExistence
Query Expression: count(ProductId)='0' (Click Build Rule Query -> In the Query Builder screen, select the count function from the functions dropdown. In the Expression dropdown, select the setting which is ProductId)
Event Description: The Registry value - ProductID does not exist!
Event ID: 123
Severity: Error
The Rule you created above would alert you if the DCM Engine does not find the Registry value under the specified registry key. All you are trying to do here is get a handle to the registry value. And then check how many handles you got to the registry value. Ideally, if the registry value exists, it should be 1. But if the setting does not exist, it will be 0 and that’s what the Query Expression above enforces.
I have attached a sample manifest here for your reference. Thanks!
