Checking multi-line legalnoticetext registry value using Symantec Enterprise Security Manager
Last Updated January 09, 2012
Using Active Directory Group Policy Objects (GPO) you can set the value "Interactive logon: Message text for users attempting to log on" This security setting specifies a text message that is displayed to users when they log on. The message you enter could produce a multi-line "legalnoticetext" registry value. (located in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system registry key)
This article explains how to use Symantec Enterprise Security Manager to check upon the multi-line value in the registry key.
Imagine the following "Interactive logon: Message text for users attempting to log on" value when looking at it using the GPO editor. Notice there are multiple lines. The challenge is to get ESM to match this multi-line string using regex. (click on image to enlarge the screen shot)
The key to the solution is that the way ESM handles the "line feed" by using:
You can use the ESM template editor to create a registry module template to look for the exact value - the below screen shot shows the exact regex to match the above three lines in the "Interactive logon: Message text for users attempting to log on" value. (click on image to enlarge the screen shot)
The regular expression (regex) to match the three lines is as follows: