How to change registry key on Window end point for "connect before logon"
40140
Created On 01/28/21 23:17 PM - Last Modified 01/31/25 21:53 PM
Objective
GlobalProtect(GP) endpoints connect to GP VPN before logon.
The GP will need to retrieve the Window "PanPlapProvider.dll" key.
This is the procedure to automatically add the registry keys for "PanPlapProvider" and "PanPlapProvider.dll" using PanGPS.exe.
Environment
- GlobalProtect Agent 5.2 and above.
- Windows 10.
Procedure
Configuration:
- Open the command (cmd) prompt and run it as administrator. To do this, click the Start icon and in the Search box, type "cmd. Hover the mouse over the cmd program and right-click. Select "Run as administrator".
- In the command prompt, Go to the location where the GlobalProtect is installed. By default setting, it is at c:\Program Files \Palo Alto Networks\GlobalProtect
- Executable file PanGPS.EXE can be found in the same directory. Use "dir panGPS.exe" to confirm
- Run the "PanGPS.EXE -registerplap" command and wait for it to finish
C:\Program Files\Palo Alto Networks\GlobalProtect>PanGPS.EXE -registerplap
Begin to register PanPlapProvider...
Completed register PanPlapProvider.
Verification:
- Open new search for the registerkey via "regedit":
- The command ran previously would have generated two keys in the Window Endpoint registry.
- Computer\HKEY_CLASSES_ROOT\CLSID\{20A29589-E76A-488B-A520-63582302A285}\InprocServer32
The registry setting has "PanPlapProvider.dll" cand the value is set to "Apartment"
- Computer\KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers\{20A29589-E76A-488B-A520-63582302A285}"
This registry has "PanPlapProvider" set as default.
c. You must reboot the endpoint in order for the PLAP and Connect Before Logon registry keys to take effect.
Additional Information
Connect Before Logon Settings In The Windows Registry
Note: The Pre-logon and Pre-logon then On-demand connection methods are not supported simultaneously with Connect Before Logon.