Configuring the monitoring of a registry value

You can configure PATROL to monitor a specific registry value on the monitored computer to detect when the value changes or is deleted.

Before you begin

You can monitor registry values only under the following hives:

  • HKEY_LOCAL_MACHINE
  • HKEY_CURRENT_CONFIG
  • HKEY_CLASSES_ROOT

You cannot monitor registry values under HKEY_CURRENT_USER and HKEY_USER.

To configure the monitoring of a registry value

  1. Navigate to the NT_REGISTRY application (labeled Registry) as described in Accessing an application instance.
  2. Access the KM menu commands as described in Accessing KM menu commands.
  3. Choose the KM menu command Configure Registry Value Monitoring > Add Value.
  4. From the Configure Registry Value Monitoring - Add Value dialog box, enter the name of the registry key and the value that you want to monitor.
    Enter the full name of the registry key path.
    Example:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\BMCSoftware\PAMO\1.1\ReportTypes\Event Trend Report
    Value: Excel Template Path
  5. Click Apply.
  6. If the value changes or is deleted, the parameter Registry Value Changed (RegValueChanged) alarms.

Related dialog box

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*