Want to set proxy with logon script on W2K/XP without access to registry

Hi out there, I'm running a small school network w/ W2K & XP workstations. W2K and NT4 servers.

Does anyone know of a way to set the proxy settings for IE using a logon script having access to the registry disabled ? It's a piece of cake to add the needed registry patch if the registry is left accesible, but I want to be able to disable access to registry.

Any help appreciated !
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

So basically what you are saying is that you want to change the registry despite the fact that you have no access to the registry?

That setting is stored in the registry.  You need to be able to make the change if you want this to be possible.
gstromstenAuthor Commented:
Maybe I stated my need somewhat fuzzily.

I want to achive about the same thing that I can do by loading a registry patch, but without having to touch the registry directly.

Or find an useful way to enable access to the registry at login, then making it off limits again after the needed part of the login script has finished.

Nice problem isn't it ?
Hi gstromsten,
Are you using Active Directory (AD)?
If you are using AD then you can use Group Policies Objects to define and enforce settings for IE. MS Knowledgebase has article entitled "How to: Administer GPO's in W2K" http://support.microsoft.com/default.aspx?scid=kb;en-us;322143&Product=win2000
They are also good to prevent students from access the control panel.  http://support.microsoft.com/default.aspx?scid=kb;en-us;261241&Product=win2000

Not sure how to do it with NT 4.0, seem to recollect something to do with Sytem Policies

SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

gstromstenAuthor Commented:
Nope, sorry to say that AD isn't yet an option due to a still capable NT4 server, would have been a nice solution, though.
As pcandler suggests, you could use old-fashioned NT System Policy to apply these settings.

System Policy would be applied at logon by the OS, and wouldn't require users to have access to the registry. You could also use it to disable the portion of the UI that allows users to change the proxy settings.

I would recommend this as the best approach to this problem. If you want some tips on implementing, just ask.
gstromstenAuthor Commented:
Hi Roly_Dee,

Sounds like a sensible approach, except for some minor details which might be due to me not knowing enough about using the NT4 system policy tool :

1. I haven't been able to figure out how to include the proxy settings in the system policy
2. certain nasty effects that I have run into when setting the policy for workstations from the NT4 server. These effects are :
On W2K and XP ws, impossible to pushinstall certain software after the NT4 directed tweak has been done, mainly the antivirus software we use is impossible to remotely install on a ws after the NT4 policy tweak once has been made, regardless of counteracting the tweak.
On XP ws, it forces the system into using the classic interface, but alas, when it's somewhat an imago matter to use XP.

Any advice appreciated !

Firstly, here's a link about creating a System Policy: http://support.microsoft.com/default.aspx?scid=kb;en-us;318753

Basically: create your policy; save it as NTCONFIG.POL; copy it to your NETLOGON shares.

In answer to your questions:
1. You will need to use a custom .adm (policy template) file. This allows you to define which values are manipulated in the registy. The standard MS ones are written so they only work with Group Policy, but we can fix that ;-) This is not too tricky, and we can revisit this after you have the system policies working.
2. Not sure what the "NT4 policy tweak" is that you refer to... I am not aware of any policy-related settings that would have the effects you described. Can you please supply details? Where did you hear about it?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gstromstenAuthor Commented:
First, thanks for the advice, I'm looking into it :)

About tweaks, well, I did run headlong into some side effects when I once wanted to tweak the policy regarding a certain user profile on a single ws, did it using the NT server's policy editor.

With W2K everything works just great, as long as I do not try to push a new package of the antivirus software we use to the ws,  simply just fails even after I have undone the settings I had fed to the ws. With XP, the same thing and in addition, locks the user interface into classic mode, just the utilization of the policy manager regardless of settings used causes this.
Not that I being nosey :o) but could you describe the actual tweaks? E.g. which key in the registry?

Also, when you say "try to push a new package of the antivirus software" I assume you are doing this with a tool within the AV package. This sounds like a separate problem, especially if you have undone your 'tweak'.

Let me know.

gstromstenAuthor Commented:

The keys I did change was preventing to alter the display settings, disabling saving of changes, preventing use of registry editing tools and disabling change of password. Probably the cause is the prevention of registry access, but the interesting thing is that things aren't corrected when undoing my changes. Note that my changes were aimed at an ordinary user profile, not an administrator or power user and when using the AV packages tool to send the new software as a jar package, it doesn't any longer work on such a station. This is the only case when I've run into problems with that tool, ie after having used the NT policy editor from the server to alter the settings of single user profile on a W2K or XP ws.
gstromstenAuthor Commented:
Just to notify, did find out empirically that this seems to be beyound the powers of the NT4 box, will have to modify the local policies.
FYI We use System Policy in an NT4 domain to serve a few hundred 2000/XP PCs, including the proxy settings. System Policy definately is capable :-)
Did you manage to change the proxy settings with the policy editor, even on a single PC? Or did you get problems with applying it to the domain?
I wrote a vbs logon script that will set the IE settings to your desired proxy.  E-mail me at jtx_1979@yahoo.com and I'll send you the code.  If you are using Squid Proxy perhaps we can assist each other on making it transparent so that any users that attach to your network will automatically be filtered through the proxy.  That is the next step I've attempted to reach, but due to time restrictions, and a small brain it has been a painful process.

What type of router do you use for getting your LAN into the internet? If  you have *nix, you could do like me: force the users to go through the proxy without so they even know it! Make squid a transparent proxy!
Question asked and answered: use System Policy on NT4!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.