Set proxy for all users and system accounts on Windows Server
Solution 1
According to the script above, you've remmed out the keys you need.
You're setting the wrong key. Try this one:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
On this key:
HKEY_USERS\S-1-5-18
And you should be golden!
Solution 2
Encoded configuration method
The whole configuration is encoded by the system as binary values and stored in an array under the DefaultConnectionSettings registry value.
Advantage:
- You have only one registry value to handle
Drawback:
- You must create your configuration with an exsting user account in order to get the DefaultConnectionSettings
- You must apply it individually to each user
1.Set the Connection Settings like you desire in your current user session
2.Get the matching value of the Connection Settings from the Currently Logged On User
Get-ItemPropertyValue -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections' -Name 'DefaultConnectionSettings'
3.Update the first line of this code with the former result to set the same settings on the System Account
#This is the new connection settings you want to apply
$DefaultConnectionSettings = [byte[]](70,0,0,0,6,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,104,116,116,112,115,58,47,47,119,101,98,112,114,111,120,121,46,109,121,100,111,109,97,105,110,46,99,111,109,47,112,114,111,120,121,46,112,97,99,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
#This is the key of the LOCAL SYSTEM account
$IESettingsKey = 'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IEConnectionsKey = Join-Path -Path $IESettingsKey -ChildPath 'Connections'
#If the Connection subkey does not exist, create the subkey
If(-not(Test-Path -Path $IEConnectionsKey)){
New-Item -Path $IESettingsKey -Name 'Connections'
}
try{
#If the DefaultConnectionSettings already exists, set it with the new value
$Null = Get-ItemPropertyValue -Path $IEConnectionsKey -Name 'DefaultConnectionSettings'
Set-ItemProperty -Path $IEConnectionsKey -Name 'DefaultConnectionSettings' -Value $DefaultConnectionSettings
}
catch{
#If the DefaultConnectionSettings does not exist, create it with the new value
New-ItemProperty -Path $IEConnectionsKey -Name 'DefaultConnectionSettings' -Value $DefaultConnectionSettings -PropertyType Binary
}
Solution 3
Explicit configuration method
The configuration is a combination of several registry values.
Advantage:
- The configuration is humanly readable.
- The configuration can be applied to all users at once.
Drawback:
There is no registry value to enable or disable the Automatically detect settings setting
If you use PowerShell, you have to ensure that the parent registry keys exist and check if the matching values exist or not before you can set the data. For example, when you want to set the AutoConfig value, you must first create the Control Panel registry key (if it does not exist) or you will get an error.
Configuration values:
Note
Values located under
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
must also be set under
HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
- Use automatic configuration script
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL = URL
Example: http://proxy.mydomain.com/proxy.pac
- Use a proxy server for your LAN
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = 0|1
- Proxy address to use and Use the same proxy server for all protocols checked
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = URL:PortNumber
Example: http://proxy.mydomain.com:80
- Use the same proxy server for all protocols unchecked
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = List of URL:PortNumber
Example: http://proxy.mydomain.com:80;https://proxy.mydomain.com:443;ftp://ftp.mydomain.com:21
- Bypass proxy server for local addresses and NOTHING in Do not use proxy server for addresses beginning with
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = <LOCAL>
Example: <LOCAL>
- Bypass proxy server for local addresses and SOMETHING in Do not use proxy server for addresses beginning with
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = FQDN list
Example: Mydomain.com;AnotherDomain.com
Application scope:
- Apply the proxy configuration to all users
HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser = 0|1
- Prevent users from overriding Proxy Configuration
HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = 0|1
LockTar
Updated on September 18, 2022Comments
-
LockTar over 1 year
We are trying to deploy a ARM template for Azure. We want to set the proxy for all users and system accounts. But we are unable to do it. When we use this powershell script, the current user has a proxy but not the system account. Any suggestions?
<# .Synopsis This function will set the proxy settings provided as input to the cmdlet. .Description This function will set the proxy server and (optinal) Automatic configuration script. .Parameter ProxyServer This parameter is set as the proxy for the system. Data from. This parameter is Mandatory .Example Setting proxy information Set-InternetProxy -proxy "proxy:7890" .Example Setting proxy information and (optinal) Automatic Configuration Script Set-InternetProxy -proxy "proxy:7890" -acs "http://proxy:7892" #> #[CmdletBinding()] Param( [Parameter(Mandatory=$True,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [String[]]$Proxy, [Parameter(Mandatory=$False,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [AllowEmptyString()] [String[]]$acs ) Begin { $regKey="HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" } Process { Set-ItemProperty -path $regKey ProxyEnable -value 1 Set-ItemProperty -path $regKey ProxyServer -value $proxy if($acs) { Set-ItemProperty -path $regKey AutoConfigURL -Value $acs } #$obj = Get-ItemProperty -Path Registry::”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" -Name DefaultConnectionSettings -Value $obj.DefaultConnectionSettings #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" -Name SavedLegacySettings -Value $obj.SavedLegacySettings #$obj = Get-ItemProperty -Path Registry::”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyEnable -Value $obj.ProxyEnable #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name Proxyserver -Value $obj.Proxyserver } End { Write-Output "Proxy is now enabled" Write-Output "Proxy Server : $proxy" if ($acs) { Write-Output "Automatic Configuration Script : $acs" } else { Write-Output "Automatic Configuration Script : Not Defined" } }
-
Harry Traynor almost 7 yearsSilly question, is this a 100% cloud based deployment? Are you able to use group policies? If its not 100% cloud have you got access to DNS to deploy PAC files - assuming everyone needs the same proxy information?
-
LockTar almost 7 yearsNo it is not (yet) possible. I don't know if it will be available in this company but for the time being not. So I only know that I have to set the proxy. As you can see it works for
Current User
but not for system wide. -
WBuck about 2 yearsDid you ever find a solution for this issue?
-
-
LockTar over 6 yearsI was trying to do this but the
Connections
piece is not there inHKEY_USERS\S-1-5-18
. See the commented part in my script. I've got an error when I run that becauseConnections
isn't available. -
RalfFriedl almost 5 yearsDo you have an explanation what this does?
-
Luke almost 5 yearsHi Ralf! You are right. I have added comments to the code.