Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

How to adjust proxy settings for System Account

Created: 17 Dec 2013 • Updated: 19 Dec 2013 | 2 comments
dimago's picture
+2 2 Votes
Login to vote

Hello guys,

I want to share with you a problem I had having.

I have Explicit proxy in my network. I have a GPO that update it for my clients.

Here, in my subnet, I have a WPAD script, to set it by DHCP and Auto-Detect by Internet Explorer. In case of my partners to use.

It is a point.

Well, we have clone images to improve delivery of new machines. These images do not have SEP installed, it is installed after, cause that problem with ID as well.

Now, is the point!!!

I noticed, some clients were using proxy to communicate with GUPs, those GUPs were in the same subnet, so, my client used my MPLS link to go to my Data Center, were the proxy is, and proxy connects in the GUPs to update the client.

I did not have the exceptions for local address and my subnets and names in the WPAD file. I fixed it anyway.

Well.. when I ran internet explorer with System Account, I saw that Auto-Detect was enabled. I just have DHCP deliver for WPAD in my subnet.

Anyway, I needed to fix the IE proxy settings for System Account. I need to set a proxy and correct exceptions.

Below, we have the most important. How to adjust it!!!

If you have an equal or similiar problem, you can follow :)

1 - Create a .bat script with these lines below:

@echo off

REM Created by Diego Maciel Gomes, at 12-14-2013
REM Script created to adjust IE proxy settings for system account

REM bitsadmin is a windows utility
REM here, we clear whole proxy config
bitsadmin /util /setieproxy localsystem NO_PROXY

REM here, we set the proxy and exceptions
REM change according with your. Adjust the port and exceptions as well.
bitsadmin /util /setieproxy localsystem MANUAL_PROXY "<local>*; 172.19.*; 172.20.*;"


2 - Create a computer GPO and associate this script to run when Startup (at this moment, I assume you know how to do it)

3 - You can check the update by regedit:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

The key above has the stored config for system account.

Here, I show a line of my squid proxy that shows the wrong connection:

1387277796.586   9188 TCP_MISS/200 1454326 GET{55DE35DC-862A-44c9-8A2B-3EF451665D0A}/131216011/xdelta131213011.dax - DIRECT/ text/plain

After ran this script above, the machine does not use proxy anymore. The traffic is direct and save my bandwidth.

I hope it helps you like helped me!

Feel free to ask me something :)



Comments 2 CommentsJump to latest comment

ℬrίαη's picture

Appreciate you sharing this!


Login to vote
dimago's picture

Thanks Brian!

You noticed my problem in early posts, yeah!!!

Login to vote