0
Something alters the proxy settings on PCs in my domain to use WPAD. I need to identify it and stop it.
We configure our Windows 7 PCs to "Use automatic configuration script" and we set the URL for the PAC file. Every 4-6 weeks, many machines get updated to use WPAD and the PAC settings are cleared. It happens to different machines on different days.
I could write code to monitor the AutoConfigURL in the registry and identify precisely when, plus enable auditing for the registry key. Then match the timestamps.
The catch is that if the code which updates the settings makes an out-of-process call to update the registry (e.g. if it calls WMI to update the settings), the audit will identify the out-of-process server and not the process which initiated the change.
How can I definitively identify the .exe file which is updating my IE proxy settings?
Kevin Kleinfelter
Posted 2019-03-25T21:08:11.690
Reputation: 69
Welcome to Super User. Your question is well written, but the title could be improved to better reflect your question, e.g. Identify process that changes 'Use automatic configuration script' setting" – I say Reinstate Monica – 2019-03-25T21:36:31.563