​I came across an issue to which  I needed to change a setting via Group Policy in Internet Explorer but could not find the matching GPO setting. It simply may have been under my nose in the GPO but I simply could not find it. So I went back to an old trick using Sysinternals ProcMon.

I figured if I can sleuth out what the registry key was then I could create a GPO preference which would obtain the results I needed to correct the issue. To find out what the registry entry was I simply opened up IE and navigated to the setting I needed to change. But before I made the change in IE I also opened up ProcMon in parallel and created a few filters to reduce some of the noise such as the registry icon….

As well I wanted to see only the RegSetValue Operation as I was only interested in registry changes so I excluded all other registry queries etc….

As mentioned I had IE open at the same time. As you see below I wanted to change the “Preserve Favorites website data” setting. I selected/deselected the parameter in IE and I was able to capture what the registry modification was…..

Now that I know what the registry entry is I created a GPO preference to "deselect" the setting. Once again GPO’s are awesome.