Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 261
  • Last Modified:

Pulling trusted sites from users Registry

Hello all

I need to pull the trusted sites from each users registry setting and wanted to know if anyone had or knew of a script or tool that could retrieve this information?

Ill be pulling it remotely so I need to pull it from the key below. As the key contains a unique identifier I cant see a way of automating this with a batch file or power shell command.

HKEY_USERS\S-1-5-21-1212121212-11111111-1111111111-354536\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Otherwise its drilling down manually through every users reg setting :(

Thanks in advance!
0
FreeSpiritF1
Asked:
FreeSpiritF1
  • 2
  • 2
4 Solutions
 
serialbandCommented:
Is this what you're looking for?

reg export HKEY_USERS\S-1-5-21-1212121212-11111111-1111111111-354536\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains REG_KEY_FILE.reg

Open in new window

http://technet.microsoft.com/en-us/library/cc732643.aspx

Maybe you want to find the unique SID of each user to use in the script?
https://stackoverflow.com/questions/2919286/getting-the-username-from-the-hkey-users-values
0
 
McKnifeCommented:
Simply deploy this line to your domain logon script. It uses HKCU, no identifier (SID) needed!
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains REG_KEY_FILE.reg
0
 
serialbandCommented:
HKCU is just the Current logged in user, and that's fine if that's the only user on the system that you wish to look up.  If you're looking up other users, you'd have to load up each users SID.
0
 
McKnifeCommented:
Yup. And that would be simple using a simple for-loop using a startscript:
echo results for %computername% >\\server\share\zonetest\%computername%.txt
for /f %%a in ('reg query hku') do reg query "%%a\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" >>\\server\share\zonetest\%computername%.txt

Open in new window


If no startscript should be used, the syntax will get more complicated in order to hit any machine. But of course reg query can run against remote machines:
reg query \\remotepc1\hku

would work.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now