Someone at work recently asked me to provide the list of (web) sites assigned to an IE zone, so that he could tell me what sites are obsolete and can be removed. Yeah, we need that because IE11 intranet automatic detection mechanism doesn’t work with an httpstunnel interface and an NRPT table for those who are familiar with Direct Access scenario.
I jumped on a PowerShell console and couldn’t immediately get the answer because I got confused by the Get-GPPrefRegistryValue cmdlet. I couldn’t easily get the answer because I actually used the wrong cmdlet (my bad) π¦
I should have used the Get-GPRegistryValue cmdlet instead π . Do you see the difference between the two cmdlets?
I could actually have had my answer in less than 2 seconds by doing:
Get-GPO -Name "myGPOName" | Get-GPRegistryValue -Key 'HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' | Select ValueName,Value
Instead, I went the hard way and did the following:
# 1. Export the GPO to an XML file Get-GPO -Name "myGPOName" | Get-GPOReport -ReportType Xml -Path "C:\myGPOName.xml" # 2. Read the XML file ( ([xml](Get-Content "C:\myGPOName.xml")).GPO.User.ExtensionData.Extension.Policy | Where Name -eq 'Site to Zone Assignment List' ).ListBox.Value.Element
Even if you’re confused, PowerShell always provides many ways to skin the cat π