KB – Windows Proxy configuration
Workspace ONE and Windows management are always complicated when using a proxy.
To avoid further misunderstandings I tested all five different scenarios and here are the results:
| INET | WINHTTP | BITS | INET+WINHTTP | INET+BITS | WINHTTP+BITS | |
|---|---|---|---|---|---|---|
| HUB start | yes | yes | Yes | yes | yes | Yes |
| HUB works | yes | no | no | yes | restart required | |
| Manual Enrollment | yes | No – *Works with INET | No | yes | yes | No *Works with INET |
| WNS Registration | yes | No – since no enrollment | No | yes | yes | No – since no enrollment |
| WNS Push | yes | yes (after enrollment) | No | yes | yes | No – since no enrollment |
| App Deployment | yes | yes (after enrollment) | No | yes | yes | No – since no enrollment |
| App Deployment if no user is logged on | yes | yes (after enrollment) | No | yes | yes | No – since no enrollment |
| App status change in console | yes | No | No | yes | yes | No – since no enrollment |
| Freestyle | Not tested | Not tested | yes | Not tested | No – since no enrollment |
How do you detect what kind of Windows proxy configuration you are using?
First, INET is the most common one. You can use a proxy the GUI to configure the proxy:
But also via registry in the current user hive:
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Of course, the proxy is also configurable via Windows GPO. The setting is located in the user hive under:
User Configuration > Preferences > Control Panel Settings > Internet Settings
The only option to configure BITS and WINHTTP is to use Windows command line or PowerShell.
netsh winhttp set proxy <proxy>:<port>or to get the configuration:
netsh winhttp show proxyFor the BITS Proxy you can use the following command:
bitsadmin /util /getieproxy <account>You can use the following accounts:
- LOCALSYSTEM
- NETWORKSERVICE
- LOCALSERVICE
To get all possible proxy settings, I created a small script to show the current proxy configuration.
#INET Proxy
$INET = Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyEnable -ErrorAction SilentlyContinue
if($INET)
{
if($INET.ProxyEnable -eq '1')
{
$INETDetected = $true
$INETServer = (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyServer).ProxyServer
Write-Output "INET Proxy detected and enabled"
Write-Output "INET Configuration:"
Write-Output $INETServer
Write-Output ""
}else{$INETDetected = $false}
}else{$INETDetected = $false}
#WINHTTP Proxy
$WINHTTP = netsh winhttp show proxy
if($WINHTTP[3] -like "*no proxy server*")
{
$WINHTTPDetected = $false
}
else
{
$WINHTTPDetected = $true
Write-Output "WINHTTP Proxy detected and enabled"
Write-Output "WINHTTP Configuration:"
Write-Output $WINHTTP[3]
Write-Output ""
}
#BITS Proxy
$BITSLOCALSYSTEM = bitsadmin /util /getieproxy LOCALSYSTEM
$BITSNETWORKSERVICE = bitsadmin /util /getieproxy NETWORKSERVICE
$BITSLOCALSERVICE = bitsadmin /util /getieproxy LOCALSERVICE
if($BITSLOCALSERVICE[8] -like "*autodetect*" -and $BITSNETWORKSERVICE[8] -like "*autodetect*" -and $BITSLOCALSERVICE[8] -like "*autodetect*")
{
$BITSDetected = $false
}
else
{
$BITSDetected = $true
Write-Output "BITS Proxy detected and enabled"
Write-Output "BITS Configuration:"
Write-Output $BITSLOCALSYSTEM[5]
Write-Output $BITSLOCALSYSTEM[8]
Write-Output $BITSNETWORKSERVICE[5]
Write-Output $BITSNETWORKSERVICE[8]
Write-Output $BITSLOCALSERVICE[5]
Write-Output $BITSLOCALSERVICE[8]
Write-Output ""
}
if($INETDetected -eq $false -and $WINHTTPDetected -eq $false -and $BITSDetected -eq $false)
{
Write-Output "No Proxy detected"
}
Empowering customers in client management since 2012.
Empowering customers in modern management since 2018.
