DSC: configuring a proxy

What’s the first thing you do when you configure a new server?
After configuring the network stack, the time and allowing remote desktop, I make sure that the server has access to Internet so that all the other operations (like downloading drivers, packages, Windows updates, activating Windows,…) that depend on this link run smoothly.

In a corporate environment, accessing the Internet is usually done through a proxy server.
I’ll share with you an old trick I’m using since Windows XP: how to configure a proxy per machine with Desired State Configuration (DSC) and avoid other admins messing with it 😀

You can configure proxy settings via

  • a response file (unattend.xml) when the computer is provisioned with Microsoft-Windows-IE-ClientNetworkProtocolImplementation component
  • Group policies
  • That’s out-of-scope as we don’t know if the machine is domain or workgroup joined

  • IE branding
  • Remember the IEAK, it’s based on a INS file located in C:\Program Files (x86)\Internet Explorer\Custom and some registry settings

    The problem with this approach is that you need to indicate the version of Internet Explorer in the INS file. That’s why it’s not a suitable way to proceed.

  • the Registry
  • This method doesn’t depend on the version of Internet Explorer and whether the machine is workgroup or domain joined. It’s thus the most suitable way to go 🙂

I’ve created 5 small DSC configurations to illustrate 4 basic scenarios and 1 to restore to user based proxy settings. (Note that you mix some scenarios together to match your needs and your environment configuration)

  • NoProxy.ps1 will define proxy settings per machine and configure it to access directly Internet
  • ProxyAutodetect.ps1 will define proxy settings per machine and let autodetect enabled (~default user config but per machine)
  • ProxyURL.ps1 will define a proxy configuration script URL (set to http://myproxy.fqdn/proxy.pac in my example below)
  • Proxy.ps1 will define a proxy address set to myproxy.fqdn on port 8888 for every protocols and bypass proxy server for local addresses
  • RestorePerUserProxy.ps1 will delete all per machine settings and rely back on user settings

(I’ve stored the samples as Gist files, so that you can use the OneGet Gist provider made by Doug Finke to get them 😉 )

If you want to use these configurations, you may need to modify my sample configurations and replace the binary value for both DefaultConnectionSettings and SavedLegacySettings. You actually need to capture them on a working computer where you configured manually Internet Explorer settings for your environment.
Then you can extract the binary value from the HKCU hive with the following code:

$regkey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
-join ( 
(Get-ItemProperty -Path  $regkey -Name DefaultConnectionSettings).DefaultConnectionSettings |
 Foreach-Object { '{0:X2}' -f $_ })
-join ( 
(Get-ItemProperty -Path $regkey -Name SavedLegacySettings).SavedLegacySettings |
 Foreach-Object { '{0:X2}' -f $_ })

Here are the 5 small DSC samples with what you get in UI as a result. Enjoy 😎

  • NoProxy.ps1

  • ProxyAutodetect.ps1

  • ProxyURL.ps1

  • Proxy.ps1

  • RestorePerUserProxy.ps1

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.