Palo Alto GlobalProtect

Software, Tasks & Script Requests
1

Update GlobalProtect Software Configuration Tasks to include flag to enable connect before logon.

Function Get-ConnectBeforeLogon {
$HKCR = [bool](Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)
if(!$HKCR) {
    New-PSDrive -PSProvider Registry -Root HKEY_CLASSES_ROOT -Name HKCR
}
$PLAPProvider = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers\{20A29589-E76A-488B-A520-63582302A285}\" -ErrorAction SilentlyContinue
$Inprocserver = Get-ItemProperty "HKCR:\CLSID\{20A29589-E76A-488B-A520-63582302A285}\InprocServer32" -ErrorAction SilentlyContinue

If(($PLAPProvider.'(default)' -eq "PanPlapProvider") -and ($Inprocserver.'(default)' -eq "PanPlapProvider.dll") -and ($Inprocserver.ThreadingModel -eq "Apartment")) {
    $ConnectBeforeLogon = $true
} Else {
    $ConnectBeforeLogon = $false
}
return $ConnectBeforeLogon
}

Function Set-ConnectBeforeLogon {
Start-Process -FilePath "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe" -ArgumentList "-registerplap"
}

switch ($method) {
    'Get' {Get-ConnectBeforeLogon}
    'Set' {Set-ConnectBeforeLogon}
    'Test' {Get-ConnectBeforeLogon}
}
3

@Kevin_Clement this is now added. This works in my testing but can you confirm on your end?

1 Like