prevent domain controller using wpad for windows updateprevent storage in documents and settings for account...
How do I lift the insulation blower into the attic?
Would this string work as string?
What properties make a magic weapon befit a Rogue more than a DEX-based Fighter?
Non-Borel set in arbitrary metric space
"Marked down as someone wanting to sell shares." What does that mean?
Mortal danger in mid-grade literature
How to split IPA spelling into syllables
How do I prevent inappropriate ads from appearing in my game?
Turning a hard to access nut?
Do people actually use the word "kaputt" in conversation?
How can a new country break out from a developed country without war?
Are hand made posters acceptable in Academia?
What is this high flying aircraft over Pennsylvania?
What can I do if I am asked to learn different programming languages very frequently?
How do you justify more code being written by following clean code practices?
What is the purpose of using a decision tree?
Writing in a Christian voice
Why can't I get pgrep output right to variable on bash script?
How would a solely written language work mechanically
How to get directions in deep space?
What should be the ideal length of sentences in a blog post for ease of reading?
Sort with assumptions
Does capillary rise violate hydrostatic paradox?
New Order #2: Turn My Way
prevent domain controller using wpad for windows update
prevent storage in documents and settings for account (windows)Can we disable/hide Automatic Update notifications for Local Admin users on Windows 2008 TS?Need for another Domain ControllerWindows: How to “hide” domain details from (domain) administrator?What should the order of DNS servers be for an AD Domain Controller and Why?How do you configure Web Proxy Autodiscovery Protocol (WPAD) when you have no proxy?Testing WPAD file locally with Internet Explorer 11Unable to update Windows server 2012Log into Read-Only Domain Controller as administrator without connectivity to Primary Domain ControllerHow can I get a Managed Service Account to use internet proxy settings from Group Policy?
We have a 2012 domain controller in an environment where we are running a web proxy auto discovery (WPAD) setup for client devices, and that proxy server requires authentication. However windows update does not support proxy servers requiring authentication.
So we want to prevent windows update on our servers from using the WPAD proxy settings. On a domain member server we can log in to the local administrator account (not domain admin) and un-tick the the "Auto detect proxy settings" in IE internet options and that fixes the issue on those servers. But a domain controller does not have a local admin account, as that account is the domain admin account. Doing this to the domain admin account on the DC does not prevent it from using WPAD.
Our whole purpose of running a proxy server that requires authentication is so we can identify what the users on our session based remote desktop servers are doing on the internet.
See this MS KB Article for some info about Windows update and proxy servers
"How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site" - http://support.microsoft.com/kb/900935
windows proxy domain-controller windows-update wpad
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
We have a 2012 domain controller in an environment where we are running a web proxy auto discovery (WPAD) setup for client devices, and that proxy server requires authentication. However windows update does not support proxy servers requiring authentication.
So we want to prevent windows update on our servers from using the WPAD proxy settings. On a domain member server we can log in to the local administrator account (not domain admin) and un-tick the the "Auto detect proxy settings" in IE internet options and that fixes the issue on those servers. But a domain controller does not have a local admin account, as that account is the domain admin account. Doing this to the domain admin account on the DC does not prevent it from using WPAD.
Our whole purpose of running a proxy server that requires authentication is so we can identify what the users on our session based remote desktop servers are doing on the internet.
See this MS KB Article for some info about Windows update and proxy servers
"How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site" - http://support.microsoft.com/kb/900935
windows proxy domain-controller windows-update wpad
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
It looks like it's not as easy as I thought it was in W2K12. You have to use GP Preferences under User Configuration and then make the proxy settings machine wide under Computer Configuration. I'm going to delete my answer as I think I may have led you astray. Apologies.
– joeqwerty
Oct 18 '13 at 4:59
A bit of an aside, but WSUS does let you specify Proxy server credentials. In doing so, it would be able to authenticate into your Proxy server and download updates for your servers and workstations. Plus it has the added bonus of only downloading the updates once if you choose to let WSUS handle downloads..
– MikeAWood
Oct 22 '13 at 0:03
@MikeAWood that's fine at head office where we have the required storage, but the satellite branches do not have the storage space for a wsus repository, so this is why I am wanting a method for the client's WU to avoid using our WPAD that does require authentication. Also at the satellite branches having each device download just the updates it needs is actually less bandwidth than a WSUS server downloading all the updates we need to approve company wide.
– BeowulfNode42
Oct 24 '13 at 2:23
That's the great part about wsus... You can tell the clients to download the updates as needed but centrally manage the updates...
– MikeAWood
Oct 29 '13 at 0:47
add a comment |
We have a 2012 domain controller in an environment where we are running a web proxy auto discovery (WPAD) setup for client devices, and that proxy server requires authentication. However windows update does not support proxy servers requiring authentication.
So we want to prevent windows update on our servers from using the WPAD proxy settings. On a domain member server we can log in to the local administrator account (not domain admin) and un-tick the the "Auto detect proxy settings" in IE internet options and that fixes the issue on those servers. But a domain controller does not have a local admin account, as that account is the domain admin account. Doing this to the domain admin account on the DC does not prevent it from using WPAD.
Our whole purpose of running a proxy server that requires authentication is so we can identify what the users on our session based remote desktop servers are doing on the internet.
See this MS KB Article for some info about Windows update and proxy servers
"How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site" - http://support.microsoft.com/kb/900935
windows proxy domain-controller windows-update wpad
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
We have a 2012 domain controller in an environment where we are running a web proxy auto discovery (WPAD) setup for client devices, and that proxy server requires authentication. However windows update does not support proxy servers requiring authentication.
So we want to prevent windows update on our servers from using the WPAD proxy settings. On a domain member server we can log in to the local administrator account (not domain admin) and un-tick the the "Auto detect proxy settings" in IE internet options and that fixes the issue on those servers. But a domain controller does not have a local admin account, as that account is the domain admin account. Doing this to the domain admin account on the DC does not prevent it from using WPAD.
Our whole purpose of running a proxy server that requires authentication is so we can identify what the users on our session based remote desktop servers are doing on the internet.
See this MS KB Article for some info about Windows update and proxy servers
"How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site" - http://support.microsoft.com/kb/900935
windows proxy domain-controller windows-update wpad
windows proxy domain-controller windows-update wpad
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
asked Oct 18 '13 at 3:12
BeowulfNode42BeowulfNode42
2,27811329
2,27811329
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
It looks like it's not as easy as I thought it was in W2K12. You have to use GP Preferences under User Configuration and then make the proxy settings machine wide under Computer Configuration. I'm going to delete my answer as I think I may have led you astray. Apologies.
– joeqwerty
Oct 18 '13 at 4:59
A bit of an aside, but WSUS does let you specify Proxy server credentials. In doing so, it would be able to authenticate into your Proxy server and download updates for your servers and workstations. Plus it has the added bonus of only downloading the updates once if you choose to let WSUS handle downloads..
– MikeAWood
Oct 22 '13 at 0:03
@MikeAWood that's fine at head office where we have the required storage, but the satellite branches do not have the storage space for a wsus repository, so this is why I am wanting a method for the client's WU to avoid using our WPAD that does require authentication. Also at the satellite branches having each device download just the updates it needs is actually less bandwidth than a WSUS server downloading all the updates we need to approve company wide.
– BeowulfNode42
Oct 24 '13 at 2:23
That's the great part about wsus... You can tell the clients to download the updates as needed but centrally manage the updates...
– MikeAWood
Oct 29 '13 at 0:47
add a comment |
It looks like it's not as easy as I thought it was in W2K12. You have to use GP Preferences under User Configuration and then make the proxy settings machine wide under Computer Configuration. I'm going to delete my answer as I think I may have led you astray. Apologies.
– joeqwerty
Oct 18 '13 at 4:59
A bit of an aside, but WSUS does let you specify Proxy server credentials. In doing so, it would be able to authenticate into your Proxy server and download updates for your servers and workstations. Plus it has the added bonus of only downloading the updates once if you choose to let WSUS handle downloads..
– MikeAWood
Oct 22 '13 at 0:03
@MikeAWood that's fine at head office where we have the required storage, but the satellite branches do not have the storage space for a wsus repository, so this is why I am wanting a method for the client's WU to avoid using our WPAD that does require authentication. Also at the satellite branches having each device download just the updates it needs is actually less bandwidth than a WSUS server downloading all the updates we need to approve company wide.
– BeowulfNode42
Oct 24 '13 at 2:23
That's the great part about wsus... You can tell the clients to download the updates as needed but centrally manage the updates...
– MikeAWood
Oct 29 '13 at 0:47
It looks like it's not as easy as I thought it was in W2K12. You have to use GP Preferences under User Configuration and then make the proxy settings machine wide under Computer Configuration. I'm going to delete my answer as I think I may have led you astray. Apologies.
– joeqwerty
Oct 18 '13 at 4:59
It looks like it's not as easy as I thought it was in W2K12. You have to use GP Preferences under User Configuration and then make the proxy settings machine wide under Computer Configuration. I'm going to delete my answer as I think I may have led you astray. Apologies.
– joeqwerty
Oct 18 '13 at 4:59
A bit of an aside, but WSUS does let you specify Proxy server credentials. In doing so, it would be able to authenticate into your Proxy server and download updates for your servers and workstations. Plus it has the added bonus of only downloading the updates once if you choose to let WSUS handle downloads..
– MikeAWood
Oct 22 '13 at 0:03
A bit of an aside, but WSUS does let you specify Proxy server credentials. In doing so, it would be able to authenticate into your Proxy server and download updates for your servers and workstations. Plus it has the added bonus of only downloading the updates once if you choose to let WSUS handle downloads..
– MikeAWood
Oct 22 '13 at 0:03
@MikeAWood that's fine at head office where we have the required storage, but the satellite branches do not have the storage space for a wsus repository, so this is why I am wanting a method for the client's WU to avoid using our WPAD that does require authentication. Also at the satellite branches having each device download just the updates it needs is actually less bandwidth than a WSUS server downloading all the updates we need to approve company wide.
– BeowulfNode42
Oct 24 '13 at 2:23
@MikeAWood that's fine at head office where we have the required storage, but the satellite branches do not have the storage space for a wsus repository, so this is why I am wanting a method for the client's WU to avoid using our WPAD that does require authentication. Also at the satellite branches having each device download just the updates it needs is actually less bandwidth than a WSUS server downloading all the updates we need to approve company wide.
– BeowulfNode42
Oct 24 '13 at 2:23
That's the great part about wsus... You can tell the clients to download the updates as needed but centrally manage the updates...
– MikeAWood
Oct 29 '13 at 0:47
That's the great part about wsus... You can tell the clients to download the updates as needed but centrally manage the updates...
– MikeAWood
Oct 29 '13 at 0:47
add a comment |
1 Answer
1
active
oldest
votes
I had the same issue on Windows 2008 R2 with WPAD record.
To fit it we add fake DNS record to hosts file like 1.1.1.1 WPAD and after restart the update client it stop using proxy. In some cases the Server needs to be rebooted after WPAD block.
Cheers,
Andrey
answered Dec 18 '14 at 0:15
andreyandrey
1
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f546880%2fprevent-domain-controller-using-wpad-for-windows-update%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I had the same issue on Windows 2008 R2 with WPAD record.
To fit it we add fake DNS record to hosts file like 1.1.1.1 WPAD and after restart the update client it stop using proxy. In some cases the Server needs to be rebooted after WPAD block.
Cheers,
Andrey
answered Dec 18 '14 at 0:15
andreyandrey
1
add a comment |
I had the same issue on Windows 2008 R2 with WPAD record.
To fit it we add fake DNS record to hosts file like 1.1.1.1 WPAD and after restart the update client it stop using proxy. In some cases the Server needs to be rebooted after WPAD block.
Cheers,
Andrey
answered Dec 18 '14 at 0:15
andreyandrey
1
add a comment |
I had the same issue on Windows 2008 R2 with WPAD record.
To fit it we add fake DNS record to hosts file like 1.1.1.1 WPAD and after restart the update client it stop using proxy. In some cases the Server needs to be rebooted after WPAD block.
Cheers,
Andrey
answered Dec 18 '14 at 0:15
andreyandrey
1
I had the same issue on Windows 2008 R2 with WPAD record.
To fit it we add fake DNS record to hosts file like 1.1.1.1 WPAD and after restart the update client it stop using proxy. In some cases the Server needs to be rebooted after WPAD block.
Cheers,
Andrey
answered Dec 18 '14 at 0:15
andreyandrey
1
answered Dec 18 '14 at 0:15
andreyandrey
1
answered Dec 18 '14 at 0:15
andreyandrey
1
answered Dec 18 '14 at 0:15
andreyandrey
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f546880%2fprevent-domain-controller-using-wpad-for-windows-update%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
It looks like it's not as easy as I thought it was in W2K12. You have to use GP Preferences under User Configuration and then make the proxy settings machine wide under Computer Configuration. I'm going to delete my answer as I think I may have led you astray. Apologies.
– joeqwerty
Oct 18 '13 at 4:59
A bit of an aside, but WSUS does let you specify Proxy server credentials. In doing so, it would be able to authenticate into your Proxy server and download updates for your servers and workstations. Plus it has the added bonus of only downloading the updates once if you choose to let WSUS handle downloads..
– MikeAWood
Oct 22 '13 at 0:03
@MikeAWood that's fine at head office where we have the required storage, but the satellite branches do not have the storage space for a wsus repository, so this is why I am wanting a method for the client's WU to avoid using our WPAD that does require authentication. Also at the satellite branches having each device download just the updates it needs is actually less bandwidth than a WSUS server downloading all the updates we need to approve company wide.
– BeowulfNode42
Oct 24 '13 at 2:23
That's the great part about wsus... You can tell the clients to download the updates as needed but centrally manage the updates...
– MikeAWood
Oct 29 '13 at 0:47