Windows Server 2008 Replacement of ProxyCfg.exe
When setting up a secure server farm you always want to filter egress traffic. This means that all outbound traffic is blocked by default, including the web traffic from the servers. When surfing is required for drivers and downloads, this is usually handled by setting the proxy in the Internet Explorer options. However, if you want certain processes or services such as Windows Update to automatically retrieve updates and wait for manual approval the next time you log in, you need to set up a proxy server and force the Local Machine to use it. The setting in the IE properties page is for the Current User only.
In Windows XP and Windows 2003 this was done via the command proxycfg.exe. You would simply set and unset the “Local Machine” proxy with the commands:
The old way to set the "Local Machine" proxy:
Proxycfg -p {proxy address:port} {bypass list}
Proxycfg -p "proxy.bohack.com:8180" "<local>;*.bohack.com"
The old way to unset it:
Proxycfg -d
It basically sets the registry value below to the values you specify with the proxycfg command.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
So what happened to the “proxycfg.exe” command? Starting in Vista, Windows Server 2008 and Windows 7 you will no longer find the proxycfg command. It has now been replaced with the “netsh” command. This command can be used either interactively, by typing “netsh” and navigating the tree of commands, or in a one-line command sequence, as shown below.
The new way to set the "Local Machine" proxy:
netsh winhttp set proxy {proxy address:port} {bypass list}
netsh winhttp set proxy "proxy.bohack.com:8180" "<local>;*.bohack.com"
The new way to unset it:
netsh winhttp reset proxy
Check the settings with:
netsh winhttp show proxy
The new commands change the same registry value above; the only thing that changed is the command used to set and unset the Local Machine proxy. Theoretically you could export the registry setting and import it onto another machine.
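A compliance check for the setting described above, as an added example that is not part of the original post: it parses the text printed by "netsh winhttp show proxy" and reports a missing proxy, an unexpected proxy, or bypass-list entries that were not approved. The function names are hypothetical, and the parsing assumes English-language netsh output.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Assumes English-language netsh output; written to run on PowerShell 2.0+.
function ConvertFrom-WinHttpProxyText {
    param([Parameter(Mandatory=$true)][AllowEmptyString()][string[]]$Text)
    $s = New-Object psobject -Property @{ Direct = $false; Proxy = $null; Bypass = @() }
    foreach ($line in $Text) {
        if ($line -match 'Direct access') {
            $s.Direct = $true
        } elseif ($line -match '^\s*Proxy Server\(s\)\s*:\s*(.+?)\s*$') {
            $s.Proxy = $Matches[1]
        } elseif ($line -match '^\s*Bypass List\s*:\s*(.+?)\s*$') {
            # netsh prints "(none)" when no bypass list is configured
            $s.Bypass = @($Matches[1] -split ';' | Where-Object { $_ -and $_ -ne '(none)' })
        }
    }
    $s
}

function Test-WinHttpProxy {
    param(
        [Parameter(Mandatory=$true)][AllowEmptyString()][string[]]$Text,
        [Parameter(Mandatory=$true)][string]$ExpectedProxy,
        [string[]]$ExpectedBypass = @()
    )
    $s = ConvertFrom-WinHttpProxyText -Text $Text
    $findings = @()
    if ($s.Direct) {
        $findings += 'Direct access: no machine-wide proxy is set'
    } elseif ($s.Proxy -ne $ExpectedProxy) {
        $findings += "Unexpected proxy: $($s.Proxy)"
    }
    # Every bypass entry is a destination that skips the proxy, so flag extras
    $extra = @($s.Bypass | Where-Object { $ExpectedBypass -notcontains $_ })
    if ($extra.Count -gt 0) { $findings += "Unapproved bypass entries: $($extra -join ', ')" }
    New-Object psobject -Property @{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample output (a host whose bypass list has drifted)
$sample = @(
    'Current WinHTTP proxy settings:', '',
    '    Proxy Server(s) :  proxy.bohack.com:8180',
    '    Bypass List     :  <local>;*.bohack.com;*.example.net'
)
Test-WinHttpProxy -Text $sample -ExpectedProxy 'proxy.bohack.com:8180' `
    -ExpectedBypass '<local>', '*.bohack.com'

# On a live server, pass the real output instead:
# Test-WinHttpProxy -Text (netsh winhttp show proxy) -ExpectedProxy 'proxy.bohack.com:8180' -ExpectedBypass '<local>','*.bohack.com'
```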
January 24th, 2012 at 6:54 am
I am using college LAN
with configuration:
10.14.43.xx
255.255.0.0
10.14.250.1
and dns
10.xxx.x.xx
and alternative
10.xxx.xx.x
Net is working, meaning Firefox and Internet Explorer are also working, but the net connection is always showing with this mark
!.
and the diagnosis analysis is showing me that
Windows cannot automatically detect this proxy settings.
Please help me with this problem.
But when I connect that port to any other laptop it is not showing like that. It is purely related to something to change in my system.
Thank you
January 24th, 2012 at 10:31 pm
It depends on which operating system you are using. If it is Windows 7 and the ! appears over the connection it means that something is blocking an outbound query to the gateway or router. This could either be blocked at your computer or the firewall / router. I can assume a few things: one is that the other laptop does not display this so it is not the firewall / router. I would guess then there is a piece of security software not allowing you out of the network (computer) to query the firewall / router. http://technet.microsoft.com/en-us/library/cc755604%28WS.10%29.aspx Basically it checks the MAC address of the gateway to become NLA or Network Location Aware and switch your security posture to either home, work or public. First step would be to turn off your ancillary security software to see if the problem goes away, then disconnect the network cord and plug it back in to change the state of the network and refire the NLA process. Basically called bouncing it.
May 29th, 2012 at 3:21 am
How do we enter the username and password for proxy authentication into this?
May 29th, 2012 at 11:07 am
Configure the url as an http url username:password@proxyaddress.domain.com:portnumber so it would look like this user:pass@192.168.1.5:80
August 22nd, 2012 at 5:26 am
Hi,
I have an outside-facing web server.
If I enable proxy settings for Windows Update with the netsh command on that web server, will that make any changes to the web sites hosted on that server?
Meaning accessing the website etc…
Regards,
Melwin
August 22nd, 2012 at 12:19 pm
The system proxy should not, but I have seen in some cases where if a system process like a “service” calls out to a web page for information it will go thru the proxy. I have seen this on one web application that used SOAP requests. However directed requests into port 80 will not go back thru the proxy. I have several web servers here that have that setting on them and no problems… As always test or ask forgiveness and not permission after you're 90% sure.
October 9th, 2012 at 5:46 am
Hi,
Thanks for the last response, I have implemented the same and it looks good. Now I have another question regarding Remote Desktop Session Host (Terminal Servers). I just created a Remote Desktop FARM with Windows native NLB. All the hosts are running Windows Server 2008 R2 and it works absolutely fine with the NLB IP. Now I need to set up Remote Desktop Connection Broker for this existing farm. My question is: What is the best practice in running the connection broker? Can I run it on any of the existing Session Hosts or do I need to pull a new VM only for the Connection Broker Service? Which option will give better performance?
Regards,
Melwin