advproxy - The Advanced Web Proxy add-on

   

HOWTO: Configuring the Windows Update Client

As long as you are not running your own Windows Update Server (WSUS) in your local network, it will be necessary to configure your client computers to download their updates from the external Windows Update site. The default settings will work with a normal transparent connection. But if you are running a non-transparent proxy server, the things will become difficult.

Under normal circumstances, the proxy settings are applied on a per user basis. Due to the fact that the Windows Update Client runs as a service, it doesn't take notice of these user based proxy settings.

For this reason it will be required to make the proxy settings per-machine rather than per-user.

There are different ways to do this:

  • Using Group Policy Objects (GPO)
  • Manual client configuration
  • During Windows Setup

Configuring the Windows Update Client using Group Policies

If your network uses Active Directoy, it would be easy to manage all workstations and distribute the required settings via GPO.

The following example assumes your ADS domain name is ads.local and your IPCop uses the IP address 192.168.1.1 and listens to port 800.

Step 1:

Open the console window for Active Directory Users and Computers and right click on the domain name. Select Properties from the menu (figure 1).

Figure 1
Figure 1 (click to enlarge)

Step 2:

From the properties window select Group Policy and click Edit (figure 2).

Figure 2
Figure 1 (click to enlarge)

Step 3:

In the Group Policy Editor within the section Computer Configuration select

Administrative Templates | Windows Components | Internet Explorer

and enable the Make proxy settings per-machine (rather than per-user) policy (figure 3).

Figure 3
Figure 3 (click to enlarge)

Step 4:

Change to the User Configuration section and go to

Windows Settings | Internet Explorer Maintenance | Connection

and select the Proxy Settings policy (figure 4).

Figure 4
Figure 4 (click to enlarge)

Step 5:

Enter your proxy IP address and port in the Proxy Settings policy dialog window (figure 5).

Figure 5
Figure 5 (click to enlarge)

 

Manual Windows Update Client configuration

To change the proxy settings from per-user to per-machine you need to login to the workstation with an administrative account.

Step 1:

Set the registry key

ProxySettingsPerUser

with a DWORD value of 0 in the HKEY_LOCAL_MACHINE branch

SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

This can be done by adding this value using the registry editor (figure 6) or using a .reg file.

Figure 6
Figure 6 (click to enlarge)

Step 2:

Open the Internet Explorer web browser and configure the proxy server.


Alternative procedure for the Windows Update Client V5:

Windows XP with Service Pack 2 (and some versions of Windows Server 2003) comes with the Windows Update Client V5.

Step 1:

Login with an administrative account.

Step 2:

Open the Internet Explorer web browser and configure the proxy server.

Step 3:

Open a command prompt window and execute the command

proxycfg -u

to set the proxy server configuration for the Windows Update Client (figure 7).

Figure 7
Figure 7 (click to enlarge)

 

Client configuration during Windows Setup

The proxy server can be configured and set to a per-machine assignment during Windows Setup using the Unattended Setup or the Sysprep utility.

Add the following lines to the response file (assuming that your IPCop uses the IP address 192.168.1.1 and listens to port 800):

[Proxy]
HTTP_Proxy_Server=http://192.168.1.1:800
Secure_Proxy_Server=http://192.168.1.1:800
Proxy_Enable=1
Use_Same_Proxy=1

The related response files are as follows:

  • Network based setup: unattend.txt
  • CD-ROM based setup: txtsetup.sif
  • Sysprep based setup: sysprep.inf


HOWTO: Configuring the local Windows Update Server

Synchronizing the Windows Update Server through a proxy

If you are running your own Windows Update Server (WSUS) in your local network, it will be necessary to configure the Windows Update Server to use a proxy for the synchronization with the Windows Update site.

Step 1:

Enter the address and port for the proxy server at

Options | Synchronization Options | Proxy Server

within the WSUS admin page. If required, you can also enter the credentials for proxy authentication here.

Figure 1 shows the WSUS options dialog, assuming that your IPCop proxy uses the IP address 192.168.1.1 and the default port 800.

Figure 1
Figure 1 (click to enlarge)


advproxy © Copyright 2004-2008 by Marco Sondermann - Last update: 2008-03-09


Valid XHTML 1.0!   Valid CSS!