Solved

Want to set proxy with logon script on W2K/XP without access to registry

Posted on 2003-10-22
Last Modified: 2007-12-19
Hi out there, I'm running a small school network w/ W2K & XP workstations. W2K and NT4 servers.

Does anyone know of a way to set the proxy settings for IE using a logon script having access to the registry disabled? It's a piece of cake to add the needed registry patch if the registry is left accessible, but I want to be able to disable access to registry.

Any help appreciated !
Question by:gstromsten
18 Comments
 
LVL 8

Expert Comment

by:scraig84
ID: 9599809
So basically what you are saying is that you want to change the registry despite the fact that you have no access to the registry?

That setting is stored in the registry.  You need to be able to make the change if you want this to be possible.
 

Author Comment

by:gstromsten
ID: 9601182
Maybe I stated my need somewhat fuzzily.

I want to achieve about the same thing that I can do by loading a registry patch, but without having to touch the registry directly.

Or find a useful way to enable access to the registry at login, then making it off limits again after the needed part of the login script has finished.

Nice problem isn't it ?
 
LVL 6

Expert Comment

by:pcandler
ID: 9601218
Hi gstromsten,
Are you using Active Directory (AD)?
If you are using AD then you can use Group Policy Objects to define and enforce settings for IE. MS Knowledgebase has an article entitled "How to: Administer GPO's in W2K" http://support.microsoft.com/default.aspx?scid=kb;en-us;322143&Product=win2000
They are also good to prevent students from accessing the control panel. http://support.microsoft.com/default.aspx?scid=kb;en-us;261241&Product=win2000

Not sure how to do it with NT 4.0, seem to recollect something to do with System Policies

Paul
 

Author Comment

by:gstromsten
ID: 9601368
Nope, sorry to say that AD isn't yet an option due to a still capable NT4 server, would have been a nice solution, though.
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 9605708
As pcandler suggests, you could use old-fashioned NT System Policy to apply these settings.

System Policy would be applied at logon by the OS, and wouldn't require users to have access to the registry. You could also use it to disable the portion of the UI that allows users to change the proxy settings.

I would recommend this as the best approach to this problem. If you want some tips on implementing, just ask.
 

Author Comment

by:gstromsten
ID: 9605903
Hi Roly_Dee,

Sounds like a sensible approach, except for some minor details which might be due to me not knowing enough about using the NT4 system policy tool :

1. I haven't been able to figure out how to include the proxy settings in the system policy
2. certain nasty effects that I have run into when setting the policy for workstations from the NT4 server. These effects are :
On W2K and XP ws, impossible to pushinstall certain software after the NT4 directed tweak has been done, mainly the antivirus software we use is impossible to remotely install on a ws after the NT4 policy tweak once has been made, regardless of counteracting the tweak.
On XP ws, it forces the system into using the classic interface, but alas, when it's somewhat an image matter to use XP.

Any advice appreciated !

 
LVL 4

Accepted Solution

by:
Roly_Dee earned 250 total points
ID: 9606624
Firstly, here's a link about creating a System Policy: http://support.microsoft.com/default.aspx?scid=kb;en-us;318753

Basically: create your policy; save it as NTCONFIG.POL; copy it to your NETLOGON shares.

In answer to your questions:
1. You will need to use a custom .adm (policy template) file. This allows you to define which values are manipulated in the registry. The standard MS ones are written so they only work with Group Policy, but we can fix that ;-) This is not too tricky, and we can revisit this after you have the system policies working.
2. Not sure what the "NT4 policy tweak" is that you refer to... I am not aware of any policy-related settings that would have the effects you described. Can you please supply details? Where did you hear about it?
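
A sketch of the kind of custom .adm template the accepted answer refers to, added here as an example and not taken from Roly_Dee's post or from Microsoft's shipped templates. The proxy address `proxy.example.local:8080` is a placeholder and the `!!` string names are hypothetical; the registry value names (`ProxyEnable`, `ProxyServer`, `ProxyOverride`, and the `Proxy` restriction under the IE Control Panel policy key) are the standard Internet Explorer ones.

```adm
; Constructed example: custom template for the NT4 System Policy Editor.
; Load it as a policy template, set the values for the user or group,
; save the policy as NTCONFIG.POL and copy it to the NETLOGON shares.
CLASS USER

CATEGORY !!CatIEProxy

    POLICY !!PolProxy
        KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        PART !!PartEnable CHECKBOX
            VALUENAME "ProxyEnable"
            VALUEON  NUMERIC 1
            VALUEOFF NUMERIC 0
        END PART
        PART !!PartServer EDITTEXT
            VALUENAME "ProxyServer"
            ; Placeholder host:port, replace with the real proxy.
            DEFAULT "proxy.example.local:8080"
        END PART
        PART !!PartBypass EDITTEXT
            VALUENAME "ProxyOverride"
            DEFAULT "<local>"
        END PART
    END POLICY

    POLICY !!PolLockProxy
        ; Disables the proxy fields in Internet Options > Connections,
        ; so users cannot change what the policy applied.
        KEYNAME "Software\Policies\Microsoft\Internet Explorer\Control Panel"
        VALUENAME "Proxy"
        VALUEON  NUMERIC 1
        VALUEOFF NUMERIC 0
    END POLICY

END CATEGORY

[strings]
CatIEProxy="Internet Explorer proxy (custom)"
PolProxy="Proxy server settings"
PartEnable="Use a proxy server"
PartServer="Proxy address and port"
PartBypass="Bypass list"
PolLockProxy="Disable changing proxy settings"
```

The values under `Internet Settings` are ordinary preferences rather than entries under a `Policies` key, so they stay in the user's registry hive after the policy file is withdrawn; to revert them, apply the policy once with the checkbox cleared so `ProxyEnable` is written back as 0.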

Author Comment

by:gstromsten
ID: 9609102
First, thanks for the advice, I'm looking into it :)

About tweaks, well, I did run headlong into some side effects when I once wanted to tweak the policy regarding a certain user profile on a single ws, did it using the NT server's policy editor.

With W2K everything works just great, as long as I do not try to push a new package of the antivirus software we use to the ws,  simply just fails even after I have undone the settings I had fed to the ws. With XP, the same thing and in addition, locks the user interface into classic mode, just the utilization of the policy manager regardless of settings used causes this.
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 9615684
Not that I'm being nosey :o) but could you describe the actual tweaks? E.g. which key in the registry?

Also, when you say "try to push a new package of the antivirus software" I assume you are doing this with a tool within the AV package. This sounds like a separate problem, especially if you have undone your 'tweak'.

Let me know.

Cheers,
R
 

Author Comment

by:gstromsten
ID: 9616721
Hi,

The keys I did change were preventing to alter the display settings, disabling saving of changes, preventing use of registry editing tools and disabling change of password. Probably the cause is the prevention of registry access, but the interesting thing is that things aren't corrected when undoing my changes. Note that my changes were aimed at an ordinary user profile, not an administrator or power user and when using the AV package's tool to send the new software as a jar package, it doesn't any longer work on such a station. This is the only case when I've run into problems with that tool, i.e. after having used the NT policy editor from the server to alter the settings of single user profile on a W2K or XP ws.
 

Author Comment

by:gstromsten
ID: 9845122
Just to notify, did find out empirically that this seems to be beyond the powers of the NT4 box, will have to modify the local policies.
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 9849353
FYI We use System Policy in an NT4 domain to serve a few hundred 2000/XP PCs, including the proxy settings. System Policy definitely is capable :-)
Did you manage to change the proxy settings with the policy editor, even on a single PC? Or did you get problems with applying it to the domain?
 

Expert Comment

by:AdmiralJ
ID: 10178731
I wrote a vbs logon script that will set the IE settings to your desired proxy.  E-mail me at jtx_1979@yahoo.com and I'll send you the code.  If you are using Squid Proxy perhaps we can assist each other on making it transparent so that any users that attach to your network will automatically be filtered through the proxy.  That is the next step I've attempted to reach, but due to time restrictions, and a small brain it has been a painful process.

AdmiralJ
 

Expert Comment

by:rpopa
ID: 10831979
What type of router do you use for getting your LAN into the internet? If you have *nix, you could do like me: force the users to go through the proxy without them even knowing it! Make squid a transparent proxy!
 
LVL 4

Expert Comment

by:Roly_Dee
ID: 12322255
Question asked and answered: use System Policy on NT4!