Solved

Want to set proxy with logon script on W2K/XP without access to registry

Posted on 2003-10-22
18
2,288 Views
Last Modified: 2007-12-19
Hi out there, I'm running a small school network w/ W2K & XP workstations. W2K and NT4 servers.

Does anyone know of a way to set the proxy settings for IE using a logon script having access to the registry disabled ? It's a piece of cake to add the needed registry patch if the registry is left accesible, but I want to be able to disable access to registry.

Any help appreciated !
0
Comment
Question by:gstromsten
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
18 Comments
 
LVL 8

Expert Comment

by:scraig84
ID: 9599809
So basically what you are saying is that you want to change the registry despite the fact that you have no access to the registry?

That setting is stored in the registry.  You need to be able to make the change if you want this to be possible.
0
 

Author Comment

by:gstromsten
ID: 9601182
Maybe I stated my need somewhat fuzzily.

I want to achive about the same thing that I can do by loading a registry patch, but without having to touch the registry directly.

Or find an useful way to enable access to the registry at login, then making it off limits again after the needed part of the login script has finished.

Nice problem isn't it ?
0
 
LVL 6

Expert Comment

by:pcandler
ID: 9601218
Hi gstromsten,
Are you using Active Directory (AD)?
If you are using AD then you can use Group Policies Objects to define and enforce settings for IE. MS Knowledgebase has article entitled "How to: Administer GPO's in W2K" http://support.microsoft.com/default.aspx?scid=kb;en-us;322143&Product=win2000
They are also good to prevent students from access the control panel.  http://support.microsoft.com/default.aspx?scid=kb;en-us;261241&Product=win2000

Not sure how to do it with NT 4.0, seem to recollect something to do with Sytem Policies

Paul
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:gstromsten
ID: 9601368
Nope, sorry to say that AD isn't yet an option due to a still capable NT4 server, would have been a nice solution, though.
0
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 9605708
As pcandler suggests, you could use old-fashioned NT System Policy to apply these settings.

System Policy would be applied at logon by the OS, and wouldn't require users to have access to the registry. You could also use it to disable the portion of the UI that allows users to change the proxy settings.

I would recommend this as the best approach to this problem. If you want some tips on implementing, just ask.
0
 

Author Comment

by:gstromsten
ID: 9605903
Hi Roly_Dee,

Sounds like a sensible approach, except for some minor details which might be due to me not knowing enough about using the NT4 system policy tool :

1. I haven't been able to figure out how to include the proxy settings in the system policy
2. certain nasty effects that I have run into when setting the policy for workstations from the NT4 server. These effects are :
On W2K and XP ws, impossible to pushinstall certain software after the NT4 directed tweak has been done, mainly the antivirus software we use is impossible to remotely install on a ws after the NT4 policy tweak once has been made, regardless of counteracting the tweak.
On XP ws, it forces the system into using the classic interface, but alas, when it's somewhat an imago matter to use XP.

Any advice appreciated !

0
 
LVL 4

Accepted Solution

by:
Roly_Dee earned 250 total points
ID: 9606624
Firstly, here's a link about creating a System Policy: http://support.microsoft.com/default.aspx?scid=kb;en-us;318753

Basically: create your policy; save it as NTCONFIG.POL; copy it to your NETLOGON shares.

In answer to your questions:
1. You will need to use a custom .adm (policy template) file. This allows you to define which values are manipulated in the registy. The standard MS ones are written so they only work with Group Policy, but we can fix that ;-) This is not too tricky, and we can revisit this after you have the system policies working.
2. Not sure what the "NT4 policy tweak" is that you refer to... I am not aware of any policy-related settings that would have the effects you described. Can you please supply details? Where did you hear about it?
0
 

Author Comment

by:gstromsten
ID: 9609102
First, thanks for the advice, I'm looking into it :)

About tweaks, well, I did run headlong into some side effects when I once wanted to tweak the policy regarding a certain user profile on a single ws, did it using the NT server's policy editor.

With W2K everything works just great, as long as I do not try to push a new package of the antivirus software we use to the ws,  simply just fails even after I have undone the settings I had fed to the ws. With XP, the same thing and in addition, locks the user interface into classic mode, just the utilization of the policy manager regardless of settings used causes this.
0
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 9615684
Not that I being nosey :o) but could you describe the actual tweaks? E.g. which key in the registry?

Also, when you say "try to push a new package of the antivirus software" I assume you are doing this with a tool within the AV package. This sounds like a separate problem, especially if you have undone your 'tweak'.

Let me know.

Cheers,
R
0
 

Author Comment

by:gstromsten
ID: 9616721
Hi,

The keys I did change was preventing to alter the display settings, disabling saving of changes, preventing use of registry editing tools and disabling change of password. Probably the cause is the prevention of registry access, but the interesting thing is that things aren't corrected when undoing my changes. Note that my changes were aimed at an ordinary user profile, not an administrator or power user and when using the AV packages tool to send the new software as a jar package, it doesn't any longer work on such a station. This is the only case when I've run into problems with that tool, ie after having used the NT policy editor from the server to alter the settings of single user profile on a W2K or XP ws.
0
 

Author Comment

by:gstromsten
ID: 9845122
Just to notify, did find out empirically that this seems to be beyound the powers of the NT4 box, will have to modify the local policies.
0
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 9849353
FYI We use System Policy in an NT4 domain to serve a few hundred 2000/XP PCs, including the proxy settings. System Policy definately is capable :-)
Did you manage to change the proxy settings with the policy editor, even on a single PC? Or did you get problems with applying it to the domain?
0
 

Expert Comment

by:AdmiralJ
ID: 10178731
I wrote a vbs logon script that will set the IE settings to your desired proxy.  E-mail me at jtx_1979@yahoo.com and I'll send you the code.  If you are using Squid Proxy perhaps we can assist each other on making it transparent so that any users that attach to your network will automatically be filtered through the proxy.  That is the next step I've attempted to reach, but due to time restrictions, and a small brain it has been a painful process.

AdmiralJ
0
 

Expert Comment

by:rpopa
ID: 10831979
What type of router do you use for getting your LAN into the internet? If  you have *nix, you could do like me: force the users to go through the proxy without so they even know it! Make squid a transparent proxy!
0
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 12322255
Question asked and answered: use System Policy on NT4!
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2013 will not send or receive 9 81
Migrating to Exchange 2016 - AD/DNS question 8 71
Apple tv and connecting to wifi 7 55
Windows 7's Backup Utility 12 61
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question