Bypass or disable proxy based on computer name

Question

We are trying to deploy a bunch of new Windows 7 (and some old XP) machines using MDT2010 and MDT2012.

Because IE is set to "automatically detect proxy settings", it gets the settings from the proxy.pac/wpad.dat defined in the DHCP server.

The problem is that during deployment, the machine is not on the domain, so no authentication to the WebMarshal server is possible, so all internet-based operations fail unless someone "hands-on" fills in the authentication dialog box.

How can I do one of the following?

Disable auto proxy configuration for XP before the application installations begin
Have the proxy.pac/wpad.dat files bypass the proxy based on something identifiable on the machine (host name would do, but iirc that's not available to PAC, but any other variable I can set from MDT would do too)
Configure WebMarshal to bypass authentication for particular a computer name

Could you not change the order of the application installs so that they happen after the domain join? IIRC MDT uses task sequences to perform the various activities, so you should be able to rearrange the order. — john, Oct 06 '16 at 18:37

score 1 · Answer 1 · edited Feb 28 '12 at 12:02

This is what I use (a vbs I found):

DIM sKey,sValue,binaryVal
Dim oReg
Dim status
Set oReg=GetObject( "winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")    'For registry operations througout

Const HKCU=&H80000001

status = "off"
sKey = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
sValue = "DefaultConnectionSettings"

oReg.GetBinaryValue HKCU, sKey, sValue, binaryVal

select case lcase(status)
  case "on"    binaryVal(8) = binaryVal(8) OR 8        'Force Autodetect on
  case "off"    binaryVal(8) = binaryVal(8) XOR 8        'Force Autodetect off
  case "show"    wscript.echo "Automatically detect is set to " & ((binaryVal(8) and 8) = 8)
  case else    wscript.echo "Invalid parameter - IEautomaticallydetect  on, off or show"
end select

if lcase(status)="on" or lcase(status)="off" then oReg.SetBinaryValue HKCU, sKey, sValue, binaryVal

Works flawlessly for me, I call it from a .cmd

In that example, `status` will always be `off`. – Cylindric Feb 28 '12 at 11:39 — Cylindric, Feb 28 '12 at 11:39

score 1 · Answer 2 · answered Feb 28 '12 at 12:16

Assuming you have outbound internet access with no proxy, then you could disable "Automatically Detect Settings" and take a copy of the following reg key:

DefaultConnectionSettings

in

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

Then configure as required for production and take another export. You can then switch them using a script at the appropiate times.

Bear in mind that most Proxy related configurations are stored in various keys

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

This includes the actual proxy itself, and exceptions etc

score 0 · Answer 3 · answered Jun 24 '15 at 19:46

0

Another option, presuming webmarshal supports it, is not to authenticate for the domains you need for deployment, which should be few enough not to represent a security issue.

answered Jun 24 '15 at 19:46

Tom Newton

4,141
2
24
28

Bypass or disable proxy based on computer name

3 Answers3