In this case Procmon (https://live.sysinternals.com/ ) and RegShot (https://sourceforge.net/projects/regshot/) are your best friends. I prefer RegShot over Procmon in for this occasion. It does a snapshot before (the change) and after and compares the differences. I would recommend to do a capture before the application starts and after the application closes and then run the compare.
Thanks Ivan !
I have been looking for something like RegShot for a while.
We ran the Profiler and all it found was on Reg group.. and ironically it had Nothing in it.
( HKCU\Software\Google\DriveFS ).
After calling google 'Collab Team' support we found out this is what we needed :
Here's the Link with all the REG keys / entries as well :
We don't force GDFS files to be local / ie to create a local copy. I would gather if someone did that these entries would need to be tweaked.. not sure.
To get GDFS to even load.. one needs 2.16 patch 1 i believe as well. Just the Agent not the Manager..Manager is dorked right now i believe . ( 5/8/2019 )
Good to hear and thanks for the link.
Those HKLM keys will probably be saved for the user. But by default a normal user will not be able to import those HKLM keys/values during logon. Unless the user is a local admin, or has explicit permissions in the registry (HKLM), or privilege elevation (within UEM) is used for importing those HKLM keys/values.
could you elaborate a little more on "privilege elevation (within UEM)"
I'm just setting up horizon and I'm not fully familiar with every feature.
WombatMaster: For the Privilige Elevation take a look at the following for more info, hope this helps you a bit: