Want to set proxy with logon script on W2K/XP without access to registry

Posted on 2003-10-22
Last Modified: 2007-12-19
Hi out there, I'm running a small school network w/ W2K & XP workstations. W2K and NT4 servers.

Does anyone know of a way to set the proxy settings for IE using a logon script having access to the registry disabled ? It's a piece of cake to add the needed registry patch if the registry is left accesible, but I want to be able to disable access to registry.

Any help appreciated !
Question by:gstromsten
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 9599809
So basically what you are saying is that you want to change the registry despite the fact that you have no access to the registry?

That setting is stored in the registry.  You need to be able to make the change if you want this to be possible.

Author Comment

ID: 9601182
Maybe I stated my need somewhat fuzzily.

I want to achive about the same thing that I can do by loading a registry patch, but without having to touch the registry directly.

Or find an useful way to enable access to the registry at login, then making it off limits again after the needed part of the login script has finished.

Nice problem isn't it ?

Expert Comment

ID: 9601218
Hi gstromsten,
Are you using Active Directory (AD)?
If you are using AD then you can use Group Policies Objects to define and enforce settings for IE. MS Knowledgebase has article entitled "How to: Administer GPO's in W2K";en-us;322143&Product=win2000
They are also good to prevent students from access the control panel.;en-us;261241&Product=win2000

Not sure how to do it with NT 4.0, seem to recollect something to do with Sytem Policies

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.


Author Comment

ID: 9601368
Nope, sorry to say that AD isn't yet an option due to a still capable NT4 server, would have been a nice solution, though.

Expert Comment

ID: 9605708
As pcandler suggests, you could use old-fashioned NT System Policy to apply these settings.

System Policy would be applied at logon by the OS, and wouldn't require users to have access to the registry. You could also use it to disable the portion of the UI that allows users to change the proxy settings.

I would recommend this as the best approach to this problem. If you want some tips on implementing, just ask.

Author Comment

ID: 9605903
Hi Roly_Dee,

Sounds like a sensible approach, except for some minor details which might be due to me not knowing enough about using the NT4 system policy tool :

1. I haven't been able to figure out how to include the proxy settings in the system policy
2. certain nasty effects that I have run into when setting the policy for workstations from the NT4 server. These effects are :
On W2K and XP ws, impossible to pushinstall certain software after the NT4 directed tweak has been done, mainly the antivirus software we use is impossible to remotely install on a ws after the NT4 policy tweak once has been made, regardless of counteracting the tweak.
On XP ws, it forces the system into using the classic interface, but alas, when it's somewhat an imago matter to use XP.

Any advice appreciated !


Accepted Solution

Roly_Dee earned 250 total points
ID: 9606624
Firstly, here's a link about creating a System Policy:;en-us;318753

Basically: create your policy; save it as NTCONFIG.POL; copy it to your NETLOGON shares.

In answer to your questions:
1. You will need to use a custom .adm (policy template) file. This allows you to define which values are manipulated in the registy. The standard MS ones are written so they only work with Group Policy, but we can fix that ;-) This is not too tricky, and we can revisit this after you have the system policies working.
2. Not sure what the "NT4 policy tweak" is that you refer to... I am not aware of any policy-related settings that would have the effects you described. Can you please supply details? Where did you hear about it?

Author Comment

ID: 9609102
First, thanks for the advice, I'm looking into it :)

About tweaks, well, I did run headlong into some side effects when I once wanted to tweak the policy regarding a certain user profile on a single ws, did it using the NT server's policy editor.

With W2K everything works just great, as long as I do not try to push a new package of the antivirus software we use to the ws,  simply just fails even after I have undone the settings I had fed to the ws. With XP, the same thing and in addition, locks the user interface into classic mode, just the utilization of the policy manager regardless of settings used causes this.

Expert Comment

ID: 9615684
Not that I being nosey :o) but could you describe the actual tweaks? E.g. which key in the registry?

Also, when you say "try to push a new package of the antivirus software" I assume you are doing this with a tool within the AV package. This sounds like a separate problem, especially if you have undone your 'tweak'.

Let me know.


Author Comment

ID: 9616721

The keys I did change was preventing to alter the display settings, disabling saving of changes, preventing use of registry editing tools and disabling change of password. Probably the cause is the prevention of registry access, but the interesting thing is that things aren't corrected when undoing my changes. Note that my changes were aimed at an ordinary user profile, not an administrator or power user and when using the AV packages tool to send the new software as a jar package, it doesn't any longer work on such a station. This is the only case when I've run into problems with that tool, ie after having used the NT policy editor from the server to alter the settings of single user profile on a W2K or XP ws.

Author Comment

ID: 9845122
Just to notify, did find out empirically that this seems to be beyound the powers of the NT4 box, will have to modify the local policies.

Expert Comment

ID: 9849353
FYI We use System Policy in an NT4 domain to serve a few hundred 2000/XP PCs, including the proxy settings. System Policy definately is capable :-)
Did you manage to change the proxy settings with the policy editor, even on a single PC? Or did you get problems with applying it to the domain?

Expert Comment

ID: 10178731
I wrote a vbs logon script that will set the IE settings to your desired proxy.  E-mail me at and I'll send you the code.  If you are using Squid Proxy perhaps we can assist each other on making it transparent so that any users that attach to your network will automatically be filtered through the proxy.  That is the next step I've attempted to reach, but due to time restrictions, and a small brain it has been a painful process.


Expert Comment

ID: 10831979
What type of router do you use for getting your LAN into the internet? If  you have *nix, you could do like me: force the users to go through the proxy without so they even know it! Make squid a transparent proxy!

Expert Comment

ID: 12322255
Question asked and answered: use System Policy on NT4!

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month11 days, 6 hours left to enroll

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question