Set proxy for all users and system accounts on Windows Server

windows powershell proxy windows-server-2016
12,527

Solution 1

According to the script above, you've remmed out the keys you need.

You're setting the wrong key. Try this one:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

On this key:

HKEY_USERS\S-1-5-18

And you should be golden!

Solution 2

Encoded configuration method

The whole configuration is encoded by the system as binary values and stored in an array under the DefaultConnectionSettings registry value.

Advantage:

  • You have only one registry value to handle

Drawback:

  • You must create your configuration with an exsting user account in order to get the DefaultConnectionSettings
  • You must apply it individually to each user

1.Set the Connection Settings like you desire in your current user session

2.Get the matching value of the Connection Settings from the Currently Logged On User

Get-ItemPropertyValue -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections' -Name 'DefaultConnectionSettings'

3.Update the first line of this code with the former result to set the same settings on the System Account

#This is the new connection settings you want to apply
$DefaultConnectionSettings = [byte[]](70,0,0,0,6,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,104,116,116,112,115,58,47,47,119,101,98,112,114,111,120,121,46,109,121,100,111,109,97,105,110,46,99,111,109,47,112,114,111,120,121,46,112,97,99,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)

#This is the key of the LOCAL SYSTEM account
$IESettingsKey = 'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$IEConnectionsKey = Join-Path -Path $IESettingsKey -ChildPath 'Connections'

#If the Connection subkey does not exist, create the subkey
If(-not(Test-Path -Path $IEConnectionsKey)){
    New-Item -Path $IESettingsKey -Name 'Connections'
}

try{
    #If the DefaultConnectionSettings already exists, set it with the new value
    $Null = Get-ItemPropertyValue -Path $IEConnectionsKey -Name 'DefaultConnectionSettings'
    Set-ItemProperty -Path $IEConnectionsKey -Name 'DefaultConnectionSettings' -Value $DefaultConnectionSettings
}
catch{
    #If the DefaultConnectionSettings does not exist, create it with the new value
    New-ItemProperty -Path $IEConnectionsKey -Name 'DefaultConnectionSettings' -Value $DefaultConnectionSettings -PropertyType Binary
}

Solution 3

Explicit configuration method

The configuration is a combination of several registry values.

Advantage:

  • The configuration is humanly readable.
  • The configuration can be applied to all users at once.

Drawback:

  • There is no registry value to enable or disable the Automatically detect settings setting

  • If you use PowerShell, you have to ensure that the parent registry keys exist and check if the matching values exist or not before you can set the data. For example, when you want to set the AutoConfig value, you must first create the Control Panel registry key (if it does not exist) or you will get an error.

Configuration values:

Note

Values located under
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
must also be set under
HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

  • Use automatic configuration script
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL = URL

Example: http://proxy.mydomain.com/proxy.pac

  • Use a proxy server for your LAN
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = 0|1
  • Proxy address to use and Use the same proxy server for all protocols checked
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = URL:PortNumber

Example: http://proxy.mydomain.com:80

  • Use the same proxy server for all protocols unchecked
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = List of URL:PortNumber

Example: http://proxy.mydomain.com:80;https://proxy.mydomain.com:443;ftp://ftp.mydomain.com:21

  • Bypass proxy server for local addresses and NOTHING in Do not use proxy server for addresses beginning with
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = <LOCAL>

Example: <LOCAL>

  • Bypass proxy server for local addresses and SOMETHING in Do not use proxy server for addresses beginning with
HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = FQDN list

Example: Mydomain.com;AnotherDomain.com

Application scope:

  • Apply the proxy configuration to all users
HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser = 0|1
  • Prevent users from overriding Proxy Configuration
HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = 0|1
Share:
12,527
LockTar
Author by

LockTar

Updated on September 18, 2022

Comments

  • LockTar
    LockTar over 1 year

    We are trying to deploy a ARM template for Azure. We want to set the proxy for all users and system accounts. But we are unable to do it. When we use this powershell script, the current user has a proxy but not the system account. Any suggestions?

    <#
.Synopsis
This function will set the proxy settings provided as input to the cmdlet.
.Description
This function will set the proxy server and (optinal) Automatic configuration script.
.Parameter ProxyServer
This parameter is set as the proxy for the system.
Data from. This parameter is Mandatory
.Example
Setting proxy information
Set-InternetProxy -proxy "proxy:7890"
.Example
Setting proxy information and (optinal) Automatic Configuration Script 
Set-InternetProxy -proxy "proxy:7890" -acs "http://proxy:7892"
#>

#[CmdletBinding()]
Param(        
    [Parameter(Mandatory=$True,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [String[]]$Proxy,

    [Parameter(Mandatory=$False,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [AllowEmptyString()]
    [String[]]$acs      
)

Begin
{
    $regKey="HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"        
}    
Process
{        
    Set-ItemProperty -path $regKey ProxyEnable -value 1
    Set-ItemProperty -path $regKey ProxyServer -value $proxy

    if($acs) 
    {            
        Set-ItemProperty -path $regKey AutoConfigURL -Value $acs          
    }

    #$obj = Get-ItemProperty -Path Registry::”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
    #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" -Name DefaultConnectionSettings -Value $obj.DefaultConnectionSettings
    #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" -Name SavedLegacySettings -Value $obj.SavedLegacySettings
    #$obj = Get-ItemProperty -Path Registry::”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyEnable -Value $obj.ProxyEnable
    #Set-ItemProperty -Path Registry::”HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name Proxyserver -Value $obj.Proxyserver
}     
End
{
    Write-Output "Proxy is now enabled"
    Write-Output "Proxy Server : $proxy"

    if ($acs)
    {
        Write-Output "Automatic Configuration Script : $acs"
    }
    else
    {
        Write-Output "Automatic Configuration Script : Not Defined"
    }
}
    • Harry Traynor
      Harry Traynor almost 7 years
      Silly question, is this a 100% cloud based deployment? Are you able to use group policies? If its not 100% cloud have you got access to DNS to deploy PAC files - assuming everyone needs the same proxy information?
    • LockTar
      LockTar almost 7 years
      No it is not (yet) possible. I don't know if it will be available in this company but for the time being not. So I only know that I have to set the proxy. As you can see it works for Current User but not for system wide.
    • WBuck
      WBuck about 2 years
      Did you ever find a solution for this issue?
  • LockTar
    LockTar over 6 years
    I was trying to do this but the Connections piece is not there in HKEY_USERS\S-1-5-18. See the commented part in my script. I've got an error when I run that because Connections isn't available.
  • RalfFriedl
    RalfFriedl almost 5 years
    Do you have an explanation what this does?
  • Luke
    Luke almost 5 years
    Hi Ralf! You are right. I have added comments to the code.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Installing Removed Windows Features
How to check if machines are set to use a proxy (remotely)?
Missing roles in Windows Server 2016
Where is WinRMRemoteWMIUsers__ local group in Windows Server 2016?
How do I completely turn off Windows Defender from PowerShell?
Will Django run on Windows Server 2019 or 2016?
Flutter stuck on 'flutter' command - no output to console and it doesn't ever finish
Generating an RSA key pair in powershell
How to find Windows product Key if your sticker is damaged
What is equivalent of mklink in Windows Powershell?