How to create an ad-hoc query in CCS to return Windows Server registry details?

All supported versions of CCS

In the CCS Thick Console do the following steps.

1. Create a new query
2. For the Entity & Fields set it to Windows and Registry
3. When adding in the Asset/Asset Group/Asset Folder in the Additional Scope select "Scope to a Registry Key"
4. Registry Hive will most likely always be HKLM as HKU requires a user to be logged in to the server at the time of data collection, otherwise no data will be returned as no user profile will be loaded in memory.
5. For the "Registry Key" set it for example "\SYSTEM\CurrentControlSet\Control\SecurityProviders"
6. Under Registry Level you can set it how far below that key you want to go.
7. For "Keys to include" by default a wildcard is used to bring back everything.

NOTE: If you are adding multiple assets step 3-7 will need to be done for each asset. It is recommended to use an Asset Group or Asset Folder so as to minimize the number of times those steps have to be performed.