Live Proxy setting change

Live Proxy setting change

So I’ve been trying to think of what I can post here as my first PowerShell blog.

I’ve been going through my archive of scripts and came across one that was given to me as a great challenge.

The story goes that a VPN login to a Citrix Netscaler has had a little issue for roughly 5 years that the vendor never seemed to address, most likely due to the fact that proxies aren’t commonly used in their larger markets like the US (from what I’ve been told).

So a Citrix engineer, after much frustration, decided to give me a challenge: “you’re good with PowerShell, find a way to change proxy settings and make IE recognise them without having to close the browser or open internet options.”

I’m a sucker for a good challenge, so I started researching my option, good old google showed me that there wasn’t really any predefined PowerShell method for doing so.

Most script examples would change the registry settings but again restarting a browser was necessary.

I came across several examples of c# code that achieved this, but I didn’t want to have to write an application to do it and this was to be called by a VPN login script. So after some reading, I found a way to use C# code by adding a .net framework class via the Add-Type CMDLet.

I originally posted this here just to get it out into the world, and handed it over to my Citrix friends. A 5 year old problem, solved in 1 hour and 5 minutes, just by asking the right guy 😉

I advised them to use a script signing policy to make sure their end points were secure, plenty of info on how to do this via google. I may post something on how to do it in future.

They were happy and the end users didn’t have to restart IE any more so it in turn, made them happy, and isn’t that why we do this job, to make the world a better place?!

I’ve seen this code used since in other scripts people have published, even using my original variable names. Good to see someone made use of it.

Here is a sample of the code, in this example it is only setting a PAC file entry but you can use it for any type of proxy configuration you need. (It even works on Win 10 with Edge)

 

#Set the location of the pac file you want in IE.
 $PacLocation = "http://webpac.domain.local/proxy.pac"

#Change Proxy in current users registry
Remove-ItemProperty -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" AutoConfigURL -ErrorAction SilentlyContinue
New-ItemProperty -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -name "AutoConfigURL"
Set-ItemProperty -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" AutoConfigURL -Value $PacLocation

#Set code in variable
 $Source=@"
 [DllImport("wininet.dll")]
 public static extern bool InternetSetOption(int hInternet, int dwOption, int lpBuffer, int dwBufferLength);
"@

#Create type from code
 $wininet = Add-Type -memberDefinition $Source -passthru -name InternetSettings

#Flag the change
#INTERNET_OPTION_PROXY_SETTINGS_CHANGED
$wininet::InternetSetOption([IntPtr]::Zero, 95, [IntPtr]::Zero, 0)|out-null

#Refresh the proxy settings in memory
#INTERNET_OPTION_REFRESH
$wininet::InternetSetOption([IntPtr]::Zero, 37, [IntPtr]::Zero, 0)|out-null

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s