HOWTO: Registry Attribute Definition explained

  • Article

Maybe you already needed to use probe module to retrieve data from registry, check the existence of registry key or similar task involving registry when for example discovering your custom managed entity space. In that case you definitely met

<xsd:element name="RegistryAttributeDefinition" minOccurs="1" maxOccurs="unbounded">

  <xsd:complexType>

    <xsd:sequence>

      <xsd:element name="AttributeName" type="xsd:ID" />

      <xsd:element name="Path" type="xsd:string" />

      <xsd:element name="PathType" type="xsd:integer" />

      <xsd:element name="AttributeType" type="xsd:integer" />

    </xsd:sequence>

  </xsd:complexType>

</xsd:element>

 

It appears there is no explanation of PathType and AttributeType tags and their mapping to number available anywhere yet, so I will try to help there, as well as post an example of registry use to check key existence and how it should be done for OpsMgr 2007 …

PathType

· 0 – Key. Path is full path to the key.

· 1 – Value of specified registry key. Path includes name of the value.

· 2 – Default value of specified registry key. Path is full path to the key.

AttributeType

· 0 – Boolean: used when checking existence of the key or value.

· 1 – String: converting result value to string if possible.

· 2 – Integer: converting result value to number if possible.

· 3 – Float: converting result value to float.

Example to recognize Vista

Following is XML fragment when retrieving the value CurrentVersion under hive HKLM\Software\Microsoft\Windows NT\CurrentVersion helps to recognize Windows SKU. Similarly I could test existence of the value under some key (or key itself), in which case I need to provide full path to the value and change PathType to 1 (or ) in the case when checking the existence of key).

<RegistryAttributeDefinitions>

  <RegistryAttributeDefinition>

    <AttributeName>WindowsCurrentVersion</AttributeName>

    <Path>SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion</Path>

    <PathType>1</PathType>

    <AttributeType>1</AttributeType>

  </RegistryAttributeDefinition>

</RegistryAttributeDefinitions>

 

Result registry data type can be used with subsequent module thru $Data/…$ replacement, or direct XPath query when used with expression filter. To recognize Vista, compare with its version number (6.0)

<ConditionDetection ID="Filter" TypeID="System!System.ExpressionFilter">

  <Expression>

    <SimpleExpression>

      <ValueExpression>

        <XPathQuery>Values/WindowsCurrentVersion</XPathQuery>

      </ValueExpression>

      <Operator>Equal</Operator>

      <ValueExpression>

        <Value>6.0</Value>

      </ValueExpression>

    </SimpleExpression>

  </Expression>

 

Example to test existence

Following is XML fragment when testing the existence of the key CustomApplication under hive HKLM\Software.

<RegistryAttributeDefinitions>

  <RegistryAttributeDefinition>

    <AttributeName>CustomAppExists</AttributeName>

    <Path>SOFTWARE\CustomApplication</Path>

    <PathType>0</PathType>

    <AttributeType>0</AttributeType>

  </RegistryAttributeDefinition>

</RegistryAttributeDefinitions>

 

To test use following expression

<ConditionDetection ID="Filter" TypeID="System!System.ExpressionFilter">

  <Expression>

    <SimpleExpression>

      <ValueExpression>

        <XPathQuery>Values/CustomAppExists</XPathQuery>

      </ValueExpression>

      <Operator>Equal</Operator>

      <ValueExpression>

        <Value Type="Boolean">true</Value>

      </ValueExpression>

    </SimpleExpression>

  </Expression>