
I am creating a Windows "golden image" that will be rolled out to a network which does not have direct Internet access. Instead, HTTP/HTTPS traffic must be carried over a proxy server.

When running sysprep, I am adding this to unattend.xml, to automatically configure the proxy settings in the golden image:

```xml
<component name="Microsoft-Windows-IE-ClientNetworkProtocolImplementation" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <POLICYProxySettingsPerUser>0</POLICYProxySettingsPerUser>
  <HKLMProxyEnable>true</HKLMProxyEnable>
  <HKLMProxyServer>outboundproxy.example.com:3128</HKLMProxyServer>
</component>
```

(This is derived from a post at https://blogs.technet.microsoft.com/chrad/2009/07/13/dynamic-provisioning-with-vmm-proxy-windows-updates-and-scripts/)

After running sysprep, creating an image, and then deploying a VM from the image, I was able to log in to the desktop, go to Settings -> Proxy Settings, and verify that the proxy was set correctly. IE and other apps worked as expected.

However, I later discovered that software processes that run on startup were not using the proxy settings and were therefore failing. After some experimentation I discovered that the proxy settings were not taking effect until a user had logged on to a desktop session. After a user had logged on, the same processes that did not work before then started to use the HTTP proxy successfully. It therefore seems that sysprep was not configuring the proxy - instead, some user process invoked on logon was responsible for completing the configuration.

As this is an environment which relies heavily on automation, and as these are servers, not user desktops, it's important that they work correctly without ever having a user log on to the desktop.

Is there a way to configure HTTP proxy settings in a sysprep golden image that does not depend on a user logging in to the desktop?

In this configuration we are using Windows Server 2019 but I imagine this problem is common to quite a few Windows versions.

Richard Downer
  • Can you set the proxy beforehand using `netsh winhttp set proxy outboundproxy.example.com:3128`? But be sure to check if it's used for real, I still can't wrap my head around all Windows proxy settings ... – Lenniey Sep 20 '19 at 13:34
  • One possible workaround: configure unattend.xml to automatically log in as the local administrator at the end of the install sequence. (You could also set things up so that the administrator is automatically logged out again after a few minutes, using, e.g., a script put into the Startup folder in the Start Menu.) – Harry Johnston Sep 21 '19 at 00:31
  • ... or if you configure the unattend.xml proxy settings when you install the source machine (the one you are going to run sysprep on) then I think they should be retained in the captured image. Presumably the source machine already gets logged into at least once. – Harry Johnston Sep 21 '19 at 12:11
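
A read-only check for the situation described in the question, added here as an example (it is not code from the question or its comments): it records which machine-wide proxy settings exist at the moment it runs, so it can be started as SYSTEM from a startup task to see the state before any user logs on. It assumes the unattend.xml values correspond to the standard machine-wide WinINet registry values shown below; the `Get-RegValue` helper and the log path are hypothetical names chosen for this example.

```powershell
# Added example: read-only check of the proxy settings discussed in the question.
# Run elevated, or as SYSTEM from a startup scheduled task, to capture the state
# before any interactive logon has happened.
$expected = 'outboundproxy.example.com:3128'   # value from the question's unattend.xml

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Assumed locations: the policy switch and the machine-wide WinINet proxy values.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'

# WinHTTP keeps its own machine-wide proxy setting, which netsh can display.
$winHttp = (& netsh.exe winhttp show proxy) -join "`n"

$report = [ordered]@{
    Timestamp            = (Get-Date).ToString('o')
    RunningAs            = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    ProxySettingsPerUser = Get-RegValue $policyKey  'ProxySettingsPerUser'
    HKLMProxyEnable      = Get-RegValue $machineKey 'ProxyEnable'
    HKLMProxyServer      = Get-RegValue $machineKey 'ProxyServer'
    WinHttpHasProxy      = $winHttp -match [regex]::Escape($expected)
}

# Flag every setting that does not match what the unattend.xml asked for.
if ($report.ProxySettingsPerUser -ne 0) {
    Write-Warning 'ProxySettingsPerUser is not 0: WinINet proxy settings are per user.'
}
if ($report.HKLMProxyEnable -ne 1 -or $report.HKLMProxyServer -ne $expected) {
    Write-Warning 'Machine-wide WinINet proxy values are missing or differ from the expected proxy.'
}
if (-not $report.WinHttpHasProxy) {
    Write-Warning 'WinHTTP proxy does not reference the expected proxy server.'
}

# Append one JSON line per run so pre-logon and post-logon results can be compared.
$logPath = Join-Path $env:ProgramData 'proxy-check.log'   # hypothetical log location
[pscustomobject]$report | ConvertTo-Json -Compress | Add-Content -Path $logPath
[pscustomobject]$report
```

Comparing the log line written at boot with one written after an interactive logon shows which of the three settings changes when a user signs in.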
