Announcement

Collapse
No announcement yet.

Script reg hack force proxy and disable auto detect

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Script reg hack force proxy and disable auto detect

    Hello,

    I manage a NT4 server, what i want to do is enforce my proxy server on all my XP clients, and disable the auto detect connection option.

    1. I have googled and found a script to disable auto detect and auto script,
    2. I have also found a reg hack to force the web proxy...


    But I cannot do both simultaneously....

    this is how I achieved 1. (copied from another forum...)
    Code:
    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /t REG_BINARY /d 46000000020000000100000000000000070000003c6c6f63616c3e000000000000000000000000000000000000000000000000000000000000000000000000 /f
    
    reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 0 /f
    and 2. using a reg file
    Code:
    REGEDIT4
    
    [HKEY_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=192.168.0.253:800
    "ProxyEnable"=dword:00000001
    "ProxyOverride"=127.0.0.1
    "ProxyHttp1.1"=dword:00000001
    "MigrateProxy"=dword:00000001


    Could someone please show me how to combine the 2 things above - I want to set it at the computer level not on the user level.....

    Also I would like instructions on how to force these at logon (from my nt4 server)

    Please advise what I need to do to get this working.......also can it be forced onto Firefox too or just IE?

    cheers
    Last edited by Rems; 23rd January 2009, 11:34. Reason: added code tags

  • #2
    Re: Script reg hack force proxy and disable auto detect

    Those settings apply to IE only. You can use a batch file to accomplish this using reg.exe as you noted. Create a batch file, and place it in the \\PDC\netlogon share and adjust the user's profile to use the logon script. This is done in User Manager For Domains - you'll see where under the profile button. Enter the logon script filename and apply the setting.

    For Firefox copy the firefox.js file from an existing default install. It's usually in the application directory located at "C:\Program Files\Mozilla Firefox\defaults\pref". Either editing or adding to the following lines.

    Code:
    pref("network.proxy.share_proxy_settings",  false); // use the same proxy settings for all protocols
    to something like what's seen below...

    Code:
    lockPref("app.update.enabled", false);  (Admin needs this entry to ensure that the all.js file does not get modified by any Firefox updates)
    lockPref("network.proxy.http", "192.168.0.1");   (Defines and locks iPrism as http proxy)
    lockPref("network.proxy.http_port", 8080);   (Defines and locks http proxy port at 3128)
    lockPref("network.proxy.type", 1);  (Signifies "Manual" proxy configuration, as opposed to auto discovery etc, see note below)
    lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");  (Networks where proxy is not necessary, i.e., exceptions)
    lockPref("network.proxy.share_proxy_settings", true);  (Equivalent to the "Use proxy server for all protocols" setting)
    
    Note: "1" in the provided example configuration (above) signifies that this is a manual proxy configuration; 
    
    0 = Direct connection, no proxy. (Default)
    1 = Manual proxy configuration
    2 = Proxy auto-configuration (ProxyPac)
    4 = Auto-detect proxy settings
    and using the same login script to overwrite the existing file with the values you want.
    Last edited by ahinson; 23rd January 2009, 04:07.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Script reg hack force proxy and disable auto detect

      Can this not be managed via System Policies?


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Script reg hack force proxy and disable auto detect

        Originally posted by Stonelaughter View Post
        Can this not be managed via System Policies?
        Probably with IE but I have no idea on Firefox.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Script reg hack force proxy and disable auto detect

          It's time to upgrade your NT4 server (domain?).
          Then use GPO's to deploy such settings. I'd believe there are even GPO's for Firefox out there either.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Script reg hack force proxy and disable auto detect

            Originally posted by Dumber View Post
            It's time to upgrade your NT4 server (domain?).
            Then use GPO's to deploy such settings. I'd believe there are even GPO's for Firefox out there either.
            No there are not. Firefox's config is stored in proprietary files - not in the registry. This means that direct modification of Firefox config via GPO is not possible. However, the config files can be deployed via logon script - but this means that policy is only changed back to corporate defaults at logon; NOT every 15 minutes like GPOs.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: Script reg hack force proxy and disable auto detect

              Originally posted by Stonelaughter View Post
              No there are not. Firefox's config is stored in proprietary files - not in the registry. This means that direct modification of Firefox config via GPO is not possible. However, the config files can be deployed via logon script - but this means that policy is only changed back to corporate defaults at logon; NOT every 15 minutes like GPOs.
              Which is why I suggested using the lockpref keyword for the Firefox prefs. They won't change unless someone edits the file, which you can control.
              Andrew

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Re: Script reg hack force proxy and disable auto detect

                Per default, yes I know firefox can't be controlled by GPO.
                But although I haven't tested it, it looks like there are ways around it.
                http://homepages.ed.ac.uk/mcs/FirefoxADM/ADM_Deploy.pdf
                http://sourceforge.net/projects/firefoxadm
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Script reg hack force proxy and disable auto detect

                  Nice to know it can be done. Thanks Marcel.
                  Andrew

                  ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                  Comment

                  Working...
                  X