Configure proxy in Windows

Configure client proxy server settings by using a registry file

This article describes how to create a Windows registry file to configure the proxy server settings on a client computer that is running Microsoft Internet Explorer or Windows Internet Explorer.

Original product version: Windows 7 Service Pack 1
Original KB number: 819961

Summary

You can automatically configure the proxy server settings on a client computer by updating the client computer registry. To do this, create a registry file that contains the registry settings you want to update. Then distribute it to the client computer by using a batch file or logon script.

This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see How to back up and restore the registry in Windows.

Create a registry file

To configure the proxy server settings on a client computer, create the following .reg file to populate the registry with the proxy server information:

in the file is the name of your proxy server.

More information

You can also use the Internet Explorer Administration Kit (IEAK) to configure proxy server settings on client computers.

Configure device proxy and Internet connectivity settings

Applies to:

The Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.

The embedded Defender for Endpoint sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Defender for Endpoint cloud service.

For organizations that use forward proxies as a gateway to the Internet, you can use network protection to investigate behind a proxy. For more information, see Investigate connection events that occur behind forward proxies.

The WinHTTP configuration setting is independent of the Windows Internet (WinINet) Internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:

Web Proxy Auto-discovery Protocol (WPAD)

If you’re using Transparent proxy or WPAD in your network topology, you don’t need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see Enable access to Defender for Endpoint service URLs in the proxy server.

Manual static proxy configuration:

  • Registry based configuration
  • WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)

Configure the proxy server manually using a registry-based static proxy

Configure a registry-based static proxy to allow only the Defender for Endpoint sensor to report diagnostic data and communicate with Defender for Endpoint services if a computer is not permitted to connect to the Internet.

  • When using this option on Windows 10 or Windows Server 2019, it is recommended to have the following (or later) build and cumulative update rollup:
    • Windows 10, version 1909 — https://support.microsoft.com/kb/4601380
    • Windows 10, version 2004 — https://support.microsoft.com/kb/4601382
    • Windows 10, version 20H2 — https://support.microsoft.com/kb/4601382
    These updates improve the connectivity and reliability of the CnC (Command and Control) channel.

The static proxy is configurable through Group Policy (GP). The group policy can be found under:

  • Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service
    • Set it to Enabled and select Disable Authenticated Proxy usage:
  • Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry:

      Configure the proxy:

      The policy sets two registry values, TelemetryProxyServer as REG_SZ and DisableEnterpriseAuthProxy as REG_DWORD, under the registry key HKLM\Software\Policies\Microsoft\Windows\DataCollection.

      The registry value TelemetryProxyServer takes the following string format:

      For example: 10.0.0.6:8080

      The registry value DisableEnterpriseAuthProxy should be set to 1.
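
The following is an added example, not part of the original article or Microsoft's tooling: it writes the two values named above with the stated types and reads them back so a wrong type or malformed value is caught at deployment time. The helper name Set-SensorStaticProxy and the host:port validation pattern are assumptions based on the sample value 10.0.0.6:8080.

```powershell
# Added example. Run in an elevated PowerShell session.
$KeyPath = 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection'
$Proxy   = '10.0.0.6:8080'   # the page's sample value; replace with your proxy

function Set-SensorStaticProxy {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Proxy)

    # Assumption: host:port with no scheme, path or credentials, as in the sample value.
    if ($Proxy -notmatch '^(?<h>[A-Za-z0-9.-]+):(?<p>\d{1,5})$') {
        throw "Expected host:port, got '$Proxy'"
    }
    $port = [int]$Matches.p
    if ($port -lt 1 -or $port -gt 65535) {
        throw "Port out of range in '$Proxy'"
    }

    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # REG_SZ and REG_DWORD are the types the page gives for these two values.
    New-ItemProperty -Path $KeyPath -Name 'TelemetryProxyServer' `
        -PropertyType String -Value $Proxy -Force | Out-Null
    New-ItemProperty -Path $KeyPath -Name 'DisableEnterpriseAuthProxy' `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Read back both value and type, so a string "1" written by another tool is visible.
    $key = Get-Item -Path $KeyPath
    [pscustomobject]@{
        TelemetryProxyServer       = $key.GetValue('TelemetryProxyServer')
        ProxyKind                  = $key.GetValueKind('TelemetryProxyServer')
        DisableEnterpriseAuthProxy = $key.GetValue('DisableEnterpriseAuthProxy')
        AuthProxyKind              = $key.GetValueKind('DisableEnterpriseAuthProxy')
    }
}

Set-SensorStaticProxy -Proxy $Proxy | Format-List
```

Values written directly under this Policies key are overwritten when a Group Policy Object that configures the same settings is applied, so use the script only on machines that are not managed by that GPO.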

      Configure the proxy server manually using netsh command

      Use netsh to configure a system-wide static proxy.

      • This will affect all applications including Windows services which use WinHTTP with default proxy.
      • Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration.

      Open an elevated command-line:

      a. Go to Start and type cmd.

      b. Right-click Command prompt and select Run as administrator.

      Enter the following command and press Enter:

      For example: netsh winhttp set proxy 10.0.0.6:8080

      To reset the winhttp proxy, enter the following command and press Enter

      Enable access to Microsoft Defender for Endpoint service URLs in the proxy server

      If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.

      The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

      Spreadsheet of domains list Description
      Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

      If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning.

      settings-win.data.microsoft.com is only needed if you have Windows 10 devices running version 1803 or earlier.

      URLs that include v20 in them are only needed if you have Windows 10 devices running version 1803 or later. For example, us-v20.events.data.microsoft.com is needed for a Windows 10 device running version 1803 or later and onboarded to US Data Storage region.

      If you are using Microsoft Defender Antivirus in your environment, see Configure network connections to the Microsoft Defender Antivirus cloud service.

      If a proxy or firewall is blocking anonymous traffic, as Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.

      Microsoft Monitoring Agent (MMA) — proxy and firewall requirements for older versions of Windows client or Windows Server

      The information below lists the proxy and firewall configuration information required to communicate with the Log Analytics agent (often referred to as Microsoft Monitoring Agent) for previous versions of Windows, such as Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.

      Agent Resource                Ports      Direction   Bypass HTTPS inspection
      *.ods.opinsights.azure.com    Port 443   Outbound    Yes
      *.oms.opinsights.azure.com    Port 443   Outbound    Yes
      *.blob.core.windows.net       Port 443   Outbound    Yes
      *.azure-automation.net        Port 443   Outbound    Yes

      As a cloud-based solution, the IP range can change. It’s recommended that you move to a DNS resolving setting.

      Confirm Microsoft Monitoring Agent (MMA) Service URL Requirements

      Please see the following guidance to eliminate the wildcard (*) requirement for your specific environment when using the Microsoft Monitoring Agent (MMA) for previous versions of Windows.

      Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see Onboard previous versions of Windows on Defender for Endpoint and Onboard Windows servers).

      Ensure the machine is successfully reporting into the Microsoft Defender Security Center portal.

      Run the TestCloudConnection.exe tool from “C:\Program Files\Microsoft Monitoring Agent\Agent” to validate the connectivity and to see the required URLs for your specific workspace.

      Check the Microsoft Defender for Endpoint URLs list for the complete list of requirements for your region (please refer to the Service URLs Spreadsheet).

      The wildcards (*) used in *.ods.opinsights.azure.com, *.oms.opinsights.azure.com, and *.agentsvc.azure-automation.net URL endpoints can be replaced with your specific Workspace ID. The Workspace ID is specific to your environment and workspace and can be found in the Onboarding section of your tenant within the Microsoft Defender Security Center portal.

      The *.blob.core.windows.net URL endpoint can be replaced with the URLs shown in the “Firewall Rule: *.blob.core.windows.net” section of the test results.

      In the case of onboarding via Azure Security Center (ASC), multiple workspaces may be used. You will need to perform the TestCloudConnection.exe procedure above on an onboarded machine from each workspace (to determine if there are any changes to the *.blob.core.windows.net URLs between the workspaces).

      Verify client connectivity to Microsoft Defender ATP service URLs

      Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.

      Download the MDATP Client Analyzer tool to the PC where the Defender for Endpoint sensor is running.

      Extract the contents of MDATPClientAnalyzer.zip on the device.

      Open an elevated command-line:

      a. Go to Start and type cmd.

      b. Right-click Command prompt and select Run as administrator.

      Enter the following command and press Enter:

      Replace HardDrivePath with the path where the MDATPClientAnalyzer tool was downloaded to, for example

      Extract the MDATPClientAnalyzerResult.zip file created by the tool in the folder used in the HardDrivePath.

      Open MDATPClientAnalyzerResult.txt and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

      The tool checks the connectivity of Defender for Endpoint service URLs that Defender for Endpoint client is configured to interact with. It then prints the results into the MDATPClientAnalyzerResult.txt file for each URL that can potentially be used to communicate with the Defender for Endpoint services. For example:

      If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method.

      However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in Enable access to Defender for Endpoint service URLs in the proxy server. The URLs you’ll use will depend on the region selected during the onboarding procedure.

      The Connectivity Analyzer tool is not compatible with ASR rule Block process creations originating from PSExec and WMI commands. You will need to temporarily disable this rule to run the connectivity tool.

      When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can’t access the defined proxy.
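
Because the sensor falls back to direct connections when the defined proxy cannot be reached, a stale or mistyped TelemetryProxyServer can go unnoticed. The following read-only audit is an added example, not part of the original article or the Client Analyzer: it reports the registry-based proxy, tests TCP reachability to it, and shows the system-wide WinHTTP proxy set with netsh for comparison. The function name Test-SensorProxy and the host:port pattern are assumptions.

```powershell
# Added example (read-only). Run on the onboarded device in an elevated PowerShell session.
$KeyPath = 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection'

function Test-SensorProxy {   # hypothetical helper name
    $cfg   = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    $proxy = $cfg.TelemetryProxyServer
    $result = [ordered]@{
        TelemetryProxyServer = $proxy
        AuthProxyDisabled    = ($cfg.DisableEnterpriseAuthProxy -eq 1)
        Reachable            = $false
        Finding              = ''
        WinHttpProxy         = (netsh winhttp show proxy | Out-String).Trim()
    }

    if (-not $proxy) {
        $result.Finding = 'TelemetryProxyServer is not set; sensor relies on WinHTTP discovery or netsh settings.'
    }
    elseif ($proxy -notmatch '^(?<h>[^:/\s]+):(?<p>\d{1,5})$') {
        # Assumption: the value is host:port, as in the page's sample 10.0.0.6:8080.
        $result.Finding = "Malformed value '$proxy'; expected host:port."
    }
    else {
        # TCP connect only; this does not prove the proxy allows the service URLs.
        $result.Reachable = Test-NetConnection -ComputerName $Matches.h -Port ([int]$Matches.p) `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        if ($result.Reachable) {
            $result.Finding = 'Proxy accepts TCP connections; run the Client Analyzer to confirm the service URLs.'
        }
        else {
            $result.Finding = 'Proxy unreachable; the sensor will fall back to direct connections.'
        }
    }
    [pscustomobject]$result
}

Test-SensorProxy | Format-List
```

On a device that is not permitted to connect to the Internet, an unreachable proxy means the fallback path is also blocked, so treat that finding as a loss of sensor telemetry until the proxy value is corrected.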

      Configure client proxy server settings by using a registry file

      This article describes how to create a Windows registry file to configure the proxy server settings on a client computer that’s running Microsoft Internet Explorer or Windows Internet Explorer.

      Original product version: Windows 7 Service Pack 1
      Original KB number: 819961

      Summary

      You can automatically configure the proxy server settings on a client computer by updating the client computer registry. To do it, create a registry file that contains the registry settings you want to update. Then distribute it to the client computer by using a batch file or logon script.

      This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see How to back up and restore the registry in Windows.

      Create a registry file

      To configure the proxy server settings on a client computer, create the following .reg file to populate the registry with the proxy server information:

      is the name of your proxy server.

      More information

      You can also use the Internet Explorer Administration Kit (IEAK) to configure proxy server settings on client computers.
