In this post I will show you how to configure Device WinHTTP proxy using Group policy. Usually organizations have proxy settings which is applied for users and you will be able to see the proxy settings registry value under HKCU registry hive. However, WinHTTP proxy which is also called device proxy or system proxy, works at device level. The services such as Intune, Autopilot and others relies on device proxy so that communication shouldn’t break while getting connected to cloud services.
Why we need WinHTTP proxy
In continuation with previous paragraph, we need 2 proxies now:
- User Proxy – which organizations would be already using. Registry key is saved under HKCU. Complete path is “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings” and values to configure such as AutoConfigURL,ProxyServer, ProxyEnable etc.
- System / Device Proxy: Also known as WinHTTP proxy. This is a proxy which is applied at device level. To apply this kind of proxy, you have to run the command:
Netsh WinHTTP set proxy <proxyserver>:<PortNo>
This creates the registry with the name WinHTTPSettings under HKLM registry hive, location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Different ways of deploying WinHTTP proxy settings
There could be several ways to deploy WinHTTP device proxy:
- Configuration Manager– If you have SCCM infrastructure in your environment, you can create a package without source and deploy the program with command line “netsh WinHTTP set proxy <proxyserver>:<PortNo>
- Group Policy – This could be another approach of deploying WinHTTP device proxy. However, you have to do apply some additional efforts to deploy this kind of proxy as there is no setting available.
Caveats for configuring WinHTTP using Group Policy
- There is no Group policy setting available for WinHTTP device proxy.
- As there is no setting available, we can use GPP (Group policy preference) to add/update the registry key for WinHTTPSettings registry value. This approach also has one problem, WinHTTPSettings value is REG_BINARY, we can’t set the value manually.
- To overcome issue in step 2, we have to manually apply WinHTTP proxy settings using netsh WinHTTP command. Then export the key and import it into Group Policy. Here another problem we will face and ie. Group policy allows only xml files while registry key export is done with reg file extension.
Hence, the solution for step#3 is to convert reg to xml which will be a readable format for group policy.
Steps to configure WinHTTP proxy
We will go through couple of steps to configure the WinHTTP and apply it through group policy.
Set WinHTTP device proxy manually on a device
We have to manually set the WinHTTP proxy on a device so that we can export it.
This is the command which shows us that no WinHTTP proxy setting is applied and it has Direct access.
Netsh WinHTTP show proxy
Corresponding WinHTTPSettings registry key also looks blank.
Run the following command to apply the proxy (replace the proxyname which you will be using in your environment)
netsh WinHTTP set proxy testmbcom:80
I can see the proxy is set now. I can verify this through registry as well which is ready to export.
There are 2 keys got created with the name WinHTTPSettings and SavedLegacySettings.
Double click the value, you will be able to see Binary value however our value specified is somehow visible.
Export the registry key by clicking on File > Export
Save the file with name WinHTTP.reg
Convert reg file to xml
As I told you previously reg file is not sufficient to be imported in group policy preference which requires xml file. There are heaps of links available on google to convert reg to xml.
I found Reg2GPP – RuneCasters IT Solutions, a neat and clean website which has online tool where you just need to upload your reg and it will immediately convert it in xml file for you.
Upload the registry file by clicking on Upload, in next page it will ask you for Default Action. Select Update and click on Convert and Download XML.
Now we have WinHTTP.xml file in readable format:
Create Group policy for WinHTTP proxy
Login to the server / domain controller and open Group policy management editor. Create or edit any existing policy and navigate to Computer Configuration \ Preference \ Windows Settings \ Registry
Simply Drag and Drop the xml file under Right pane of Registry window and click Yes on Confirm Import Dialog box.
We can see 2 registry keys created with Action “Update” and our group policy is ready to be applied.
Verify Group policy on workstation
Login to Windows 10 / 11 device. Apply group policy instantly by running “gpupdate /force”
Verify the WinHTTP proxy setting by running command:
Netsh WinHTTP show proxy
You can verify registry results by generating report. Run the command:
Gpresult /h report.html
In report.html, we can see GPO with group policy preference registry key is applying correctly.