- Bohack - https://www.bohack.com -

Windows Server 2008 Replacement of ProxyCfg.exe

When setting up a secure server farm you always want to filter egress traffic. This means that all outbound traffic is blocked by default, including the web traffic from the servers. When surfing is required for drivers and downloads, this is usually handled by setting the proxy in the Internet Explorer options.  However if you want certain processes / services like Windows Update to automatically retrieve updates and wait for manual approval, the next time you login. You need to set a proxy server up and force the Local Machine to use it. The setting in the IE properties page is for the Current User only.

In Windows XP and Windows 2003 this was done via the command proxycfg.exe. You would simply set and unset the “Local Machine” proxy with the commands:

The old way to set the "Local Machine" proxy:

Proxycfg –p {proxy address:port} {bypass list}

Proxycfg -p "proxy.bohack.com:8180" "<local>;*.bohack.com"

The old way to unset it:

Proxycfg –d

It basically sets the registry value below, to the values you specify in with the proxycfg command.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings

So what happened to the “proxycfg.exe” command? Starting in Vista, Windows Server 2008 and Windows 7 you will no longer find the proxycfg command. It has now been replaced with the “netsh” command. This command can be used either interactively by tying “netsh” and navigating the tree of commands or used in a one line command sequence, like shown below.

The new way to set the "Local Machine" Proxy:

netsh winhttp set proxy {proxy address:port} {bypass list}

netsh winhttp set proxy "proxy.bohack.com:8180" "<local>;*.bohack.com"

The new way to unset it:

netsh winhttp reset proxy

Check the settings with:

netsh winhttp show proxy

The new commands change the same registry value above, the only thing that changed it the command to set and unset the Local Machine proxy. Theoretically you could export out the registry setting and import it onto another machine.