Get-GPPrefRegistryValue or Get-GPRegistryValue

Someone at work recently asked me to provide the list of (web) sites assigned to an IE zone, so that he could tell me what sites are obsolete and can be removed. Yeah, we need that because IE11 intranet automatic detection mechanism doesn’t work with an httpstunnel interface and an NRPT table for those who are familiar with Direct Access scenario.

I jumped on a PowerShell console and couldn’t immediately get the answer because I got confused by the Get-GPPrefRegistryValue cmdlet. I couldn’t easily get the answer because I actually used the wrong cmdlet (my bad) 😦
I should have used the Get-GPRegistryValue cmdlet instead πŸ™‚ . Do you see the difference between the two cmdlets?

I could actually have had my answer in less than 2 seconds by doing:

Get-GPO -Name "myGPOName" | 
Get-GPRegistryValue -Key 'HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' |
Select ValueName,Value

Instead, I went the hard way and did the following:

# 1. Export the GPO to an XML file
Get-GPO -Name "myGPOName" | 
Get-GPOReport -ReportType Xml -Path "C:\myGPOName.xml"

# 2. Read the XML file
 ([xml](Get-Content "C:\myGPOName.xml")).GPO.User.ExtensionData.Extension.Policy | 
 Where Name -eq 'Site to Zone Assignment List'

Even if you’re confused, PowerShell always provides many ways to skin the cat πŸ˜€

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.