deviceTRUST 19.2 is now available and includes the new macOS Client and an updated iOS Client. See the release notes for more information.

Policy category: Registry Control

  1. Policy setting: Allow deviceTRUST triggers to change registry values
  2. Policy setting: Define who can change registry values

Policy setting: Allow deviceTRUST triggers to change registry values

Defines whether deviceTRUST triggers can change registry values.

This policy works together with the ‘Define who can change registry values’ policy, which can be used to allow SYSTEM or Local Administrator processes to change registry values.

  • When ENABLED, processes launched by deviceTRUST triggers can call dtcmd.exe to change registry values.

  • When DISABLED, processes launched by deviceTRUST triggers are unable to call dtcmd.exe to change registry values.

The default behavior is enabled.

Policy setting: Define who can change registry values

Determines whether SYSTEM or Elevated Processes can change registry values.

This policy works together with the ‘Allow deviceTRUST triggers to change registry values’ policy, which can be used to allow deviceTRUST triggered processes to change registry values.

  • When set to None, processes are unable to call dtcmd.exe to change registry values.

  • When set to ‘SYSTEM account’, allows any process running under the SYSTEM identity to change registry values by supplying the /session: option to dtcmd.exe.

  • When set to ‘Any elevated process’, allows any elevated administrative process to change registry values by supplying the /session: option to dtcmd.exe.

The default value is None.