CIS Policy scanning with Ivanti Workspace

Hi all,

New around here :)

I’m currently working on implementing CIS compliance monitoring using both scan- and agent-based policies to monitor our current installed base. On a test system I got nearly full compliance for MS Edge (as a start), as these settings were made in HKEY_LOCAL_MACHINE, which Insight will look for.

However, for a lot of settings and most of our workstations we use Ivanti Workspace, which puts these settings in HKEY_CURRENT_USER.
Ivanti will, upon login, create a new empty user and merge the settings with this new user, which gets deleted afterwards (saving modifications, obviously).

I’ve copied the scan template to reflect the changes, but not unexpectedly this alone does not work, even if a test user is logged in on the system and I use these credentials when scanning.

Does anyone have experience using policy scanning with Ivanti Workspace and/or Current User registry checks with InsightVM?

Jeroen

I enjoyed using RES ONE Workspace prior to its being acquired by Ivanti, where all the latest and greatest solutions integrated for some great functionality. Moving away from the nostalgic moment, you’re correct about the “session based” settings. There are many ways to accomplish a single task, especially with the solutions you are using. My guess is the session being active is causing some issue, potentially lacking access or certificates for allowed executables. Also, I would probably accomplish the task with line tests in a custom policy where you can simply enter the CLI command and plug in the expected output. That seems easiest and how I would go about it. You may also try putting an agent in learn mode while outputting to a debug trace.log.
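
An added example, not part of either post above: on Windows, each logged-in user's HKEY_CURRENT_USER is the hive loaded under HKEY_USERS\<SID>, so a local command can read a per-user setting for every loaded session and compare it with an expected value, in the spirit of the CLI-command check suggested in the reply. The key, value name and expected data are assumptions chosen for illustration, and the function name is hypothetical.

```powershell
# Added example: report one HKCU-scoped policy value for every user hive
# currently loaded on this workstation. Run from an elevated prompt.
# Assumption: the key, value name and expected data are sample inputs.
$SubKey   = 'SOFTWARE\Policies\Microsoft\Edge'   # sample policy key
$Name     = 'SmartScreenEnabled'                 # sample value name
$Expected = 1                                    # sample expected data

function Get-LoadedUserPolicy {                  # hypothetical helper name
    param([string]$SubKey, [string]$Name, $Expected)

    # Loaded user hives appear under HKEY_USERS by SID (S-1-5-21-... for
    # domain/local accounts, S-1-12-1-... for Entra ID accounts).
    # The anchored pattern skips the <SID>_Classes companion hives.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$SubKey"

            # Resolve the SID to an account name; fall back to the SID itself.
            try {
                $account = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch { $account = $sid }

            $actual = $null
            $state  = 'KeyMissing'
            if (Test-Path -LiteralPath $path) {
                $item = Get-ItemProperty -LiteralPath $path -Name $Name -ErrorAction SilentlyContinue
                if ($null -ne $item) {
                    $actual = $item.$Name
                    $state  = if ($actual -eq $Expected) { 'Compliant' } else { 'NonCompliant' }
                } else {
                    $state = 'ValueMissing'
                }
            }
            [pscustomobject]@{ Account = $account; Sid = $sid; State = $state; Actual = $actual }
        }
}

Get-LoadedUserPolicy -SubKey $SubKey -Name $Name -Expected $Expected |
    Format-Table -AutoSize
```

Only hives that are loaded at the time of the check are listed, so a user whose session has ended does not appear in the output.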