Audit Proxy Settings or IE Connections tab in registry

ncomper
ncomper used Ask the Experts™
on
Hi

I have been asked to find a away to prevent people changing their proxy settings. We have the proxy server set by GPO and this also removes the connection tab from IE, however the issue we have is not with normal users, its all the IT staff who are also local admins of the machines keep changing the setting in the registry to restore the connections tab and then removing the proxy, sadly we are on a large public network where we cannot lock down the firewall to only allow web traffic outbound to the proxy server.

Looking at GPO's i cant find away of managing HKCU\Software\Policies\Microsoft\Internet Explorer

Is there any way we can audit or lock this down?

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2012
Top Expert 2014
Commented:
Since they're local admins, and the keys are HKCU, I would initially say no.

But, one way I can think of is to try removing the Administrators group, and the current user, from the permissions of
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

You can follow the guidelines here:
http://support.microsoft.com/kb/264584

so that you apply only RESTRICTED and SYSTEM to that key.  Once you apply that change though, I'm not sure what other adverse effects this may have.

NOTE: Now with that done, only the SYSTEM account will have rights to that key, so if you want to change it back, you'll have to execute another command under the local SYSTEM account, which can be achieved using PSExec.

CAUTION:  I would suggest testing this on a registry key that has no value on your system, so create a new one for testing.

That's the only way I can think of in terms of preventing.

In terms of auditing, you could write a Powershell or .NET app to monitor the registry key, and log the changes:
http://stevegilham.blogspot.com.au/2007/09/watching-files-registry-keys-from-net.html

Regards,

Rob.

Commented:
This may be of some use (http://support.microsoft.com/kb/831787) to lock the ability to actually use regedit

Author

Commented:
Thanks Rob, i used secacl to attempt this but i think its going to be a bit messy, i am going to go down the route of monitoring

Thanks again

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial