Configure Device WinHTTP proxy using Group Policy

by | Intune, Cloud

In this post I will show you how to configure Device WinHTTP proxy using Group policy. Usually organizations have proxy settings which is applied for users and you will be able to see the proxy settings registry value under HKCU registry hive. However, WinHTTP proxy which is also called device proxy or system proxy, works at device level. The services such as Intune, Autopilot and others relies on device proxy so that communication shouldn’t break while getting connected to cloud services.

Table Of Contents
  1. Why we need WinHTTP proxy
  2. Different ways of deploying WinHTTP proxy settings
  3. Caveats for configuring WinHTTP using Group Policy
  4. Steps to configure WinHTTP proxy

Why we need WinHTTP proxy

In continuation with previous paragraph, we need 2 proxies now:

  1. User Proxy – which organizations would be already using. Registry key is saved under HKCU. Complete path is “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings” and values to configure such as AutoConfigURL,ProxyServer, ProxyEnable etc.
  2. System / Device Proxy: Also known as WinHTTP proxy. This is a proxy which is applied at device level. To apply this kind of proxy, you have to run the command:

Netsh WinHTTP set proxy <proxyserver>:<PortNo>

This creates the registry with the name WinHTTPSettings under HKLM registry hive, location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

Different ways of deploying WinHTTP proxy settings

There could be several ways to deploy WinHTTP device proxy:

  1. Configuration Manager– If you have SCCM infrastructure in your environment, you can create a package without source and deploy the program with command line “netsh WinHTTP set proxy <proxyserver>:<PortNo>
  2. Group Policy – This could be another approach of deploying WinHTTP device proxy. However, you have to do apply some additional efforts to deploy this kind of proxy as there is no setting available.

Caveats for configuring WinHTTP using Group Policy

  1. There is no Group policy setting available for WinHTTP device proxy.
  2. As there is no setting available, we can use GPP (Group policy preference) to add/update the registry key for WinHTTPSettings registry value. This approach also has one problem, WinHTTPSettings value is REG_BINARY, we can’t set the value manually.
  3. To overcome issue in step 2, we have to manually apply WinHTTP proxy settings using netsh WinHTTP command. Then export the key and import it into Group Policy. Here another problem we will face and ie. Group policy allows only xml files while registry key export is done with reg file extension.

Hence, the solution for step#3 is to convert reg to xml which will be a readable format for group policy.

Steps to configure WinHTTP proxy

We will go through couple of steps to configure the WinHTTP and apply it through group policy.

Set WinHTTP device proxy manually on a device

We have to manually set the WinHTTP proxy on a device so that we can export it.

This is the command which shows us that no WinHTTP proxy setting is applied and it has Direct access.

Netsh WinHTTP show proxy

Corresponding WinHTTPSettings registry key also looks blank.

WinHTTPSettings Registry location

Run the following command to apply the proxy (replace the proxyname which you will be using in your environment)

netsh WinHTTP set proxy testmbcom:80
Set netsh winhttp proxy
netsh winhttp set proxy proxyserver:80

I can see the proxy is set now. I can verify this through registry as well which is ready to export.

There are 2 keys got created with the name WinHTTPSettings and SavedLegacySettings.

SavedLegacySettings registry key location

Double click the value, you will be able to see Binary value however our value specified is somehow visible.

WinHttpSettings Binary Value

Export the registry key by clicking on File > Export

export registry key

Save the file with name WinHTTP.reg

Convert reg file to xml

As I told you previously reg file is not sufficient to be imported in group policy preference which requires xml file. There are heaps of links available on google to convert reg to xml.

I found Reg2GPP – RuneCasters IT Solutions, a neat and clean website which has online tool where you just need to upload your reg and it will immediately convert it in xml file for you.

Upload the registry file by clicking on Upload, in next page it will ask you for Default Action. Select Update and click on Convert and Download XML.

ConfigureWinHTTPGPO 06

Now we have WinHTTP.xml file in readable format:

winhttp.xml
Converted reg to xml file

Create Group policy for WinHTTP proxy

Login to the server / domain controller and open Group policy management editor. Create or edit any existing policy and navigate to Computer Configuration \ Preference \ Windows Settings \ Registry

GPP registry

Simply Drag and Drop the xml file under Right pane of Registry window and click Yes on Confirm Import Dialog box.

Import the pasted document
ConfigureWinHTTPGPO 10

We can see 2 registry keys created with Action “Update” and our group policy is ready to be applied.

WinHttpSettings gpp setting GPO

Verify Group policy on workstation

Login to Windows 10 / 11 device. Apply group policy instantly by running “gpupdate /force”

Verify the WinHTTP proxy setting by running command:

Netsh WinHTTP show proxy
netsh winhttp show proxy
Show winhttp proxy settings command

You can verify registry results by generating report. Run the command:

Gpresult /h report.html

In report.html, we can see GPO with group policy preference registry key is applying correctly.

gpresult winhttpsettings

Important Links

Configure device proxy and Internet connection settings | Microsoft Docs

Reg2GPP – RuneCasters IT Solutions

Leave a Reply