Hello guys,
I want to share with you a problem I had having.
I have Explicit proxy in my network. I have a GPO that update it for my clients.
Here, in my subnet, I have a WPAD script, to set it by DHCP and Auto-Detect by Internet Explorer. In case of my partners to use.
It is a point.
Well, we have clone images to improve delivery of new machines. These images do not have SEP installed, it is installed after, cause that problem with ID as well.
Now, is the point!!!
I noticed, some clients were using proxy to communicate with GUPs, those GUPs were in the same subnet, so, my client used my MPLS link to go to my Data Center, were the proxy is, and proxy connects in the GUPs to update the client.
I did not have the exceptions for local address and my subnets and names in the WPAD file. I fixed it anyway.
Well.. when I ran internet explorer with System Account, I saw that Auto-Detect was enabled. I just have DHCP deliver for WPAD in my subnet.
Anyway, I needed to fix the IE proxy settings for System Account. I need to set a proxy and correct exceptions.
Below, we have the most important. How to adjust it!!!
If you have an equal or similiar problem, you can follow :)
1 - Create a .bat script with these lines below:
@echo off
REM Created by Diego Maciel Gomes, at 12-14-2013
REM Script created to adjust IE proxy settings for system account
REM bitsadmin is a windows utility
REM here, we clear whole proxy config
bitsadmin /util /setieproxy localsystem NO_PROXY
REM here, we set the proxy and exceptions
REM change proxy.company.com according with your. Adjust the port and exceptions as well.
bitsadmin /util /setieproxy localsystem MANUAL_PROXY proxy.company.com:3128 "<local>*.company.com; 172.19.*; 172.20.*;"
exit
2 - Create a computer GPO and associate this script to run when Startup (at this moment, I assume you know how to do it)
3 - You can check the update by regedit:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
The key above has the stored config for system account.
Here, I show a line of my squid proxy that shows the wrong connection:
1387277796.586 9188 172.20.163.158 TCP_MISS/200 1454326 GET http://172.20.163.21:2967/content/{55DE35DC-862A-44c9-8A2B-3EF451665D0A}/131216011/xdelta131213011.dax - DIRECT/172.20.163.21 text/plain
After ran this script above, the machine does not use proxy anymore. The traffic is direct and save my bandwidth.
I hope it helps you like helped me!
Feel free to ask me something :)
Regards,
Diego