Pulling trusted sites from users Registry

FreeSpiritF1
FreeSpiritF1 used Ask the Experts™
on
Hello all

I need to pull the trusted sites from each users registry setting and wanted to know if anyone had or knew of a script or tool that could retrieve this information?

Ill be pulling it remotely so I need to pull it from the key below. As the key contains a unique identifier I cant see a way of automating this with a batch file or power shell command.

HKEY_USERS\S-1-5-21-1212121212-11111111-1111111111-354536\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Otherwise its drilling down manually through every users reg setting :(

Thanks in advance!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Is this what you're looking for?

reg export HKEY_USERS\S-1-5-21-1212121212-11111111-1111111111-354536\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains REG_KEY_FILE.reg

Open in new window

http://technet.microsoft.com/en-us/library/cc732643.aspx

Maybe you want to find the unique SID of each user to use in the script?
https://stackoverflow.com/questions/2919286/getting-the-username-from-the-hkey-users-values
Distinguished Expert 2018
Commented:
Simply deploy this line to your domain logon script. It uses HKCU, no identifier (SID) needed!
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains REG_KEY_FILE.reg
HKCU is just the Current logged in user, and that's fine if that's the only user on the system that you wish to look up.  If you're looking up other users, you'd have to load up each users SID.
Distinguished Expert 2018
Commented:
Yup. And that would be simple using a simple for-loop using a startscript:
echo results for %computername% >\\server\share\zonetest\%computername%.txt
for /f %%a in ('reg query hku') do reg query "%%a\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" >>\\server\share\zonetest\%computername%.txt

Open in new window


If no startscript should be used, the syntax will get more complicated in order to hit any machine. But of course reg query can run against remote machines:
reg query \\remotepc1\hku

would work.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial