what is a 'policy package' ?
is this a local account or a domain account you are trying to restrict ?
Hello Bill, thank you for responding. By policy package I meant BLPackage.
And, being it local or domain account, either way is feasible. I was thinking from server level restriction perspective.
So what exactly do you need to deploy to make these changes ? registry changes? installable ?
Yes is it feasible to change the registry so that the proxy settings is set to local host IP 127.0.0.1 and prevent any user from changing the proxy settings.
I was trying to create a registry file. I open a notepad and type the following contents and save it with the name "setproxy.reg":
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyServer"="127.0.0.1:80" "ProxyEnable"=dword:00000001
and was thinking of importing this using:
reg import setproxy.reg
But it is not working. When I double click the registry file to test it is getting added to registry it gives and error: "The specified file is not a registry script. You can only import binary registry files from within the registry editor."
My plan was if I could somehow import these registry changes files(setting the proxy settings and disabling proxy changes) to a BLPackage.
Thanks in advance. Obliged with your help.
Okay Bill, I tried something and it's working manually. I created two registry files.
First registry file named it as 'setproxy.reg' with the contents:
Second registry file named it as 'disableproxychanges.reg' with the contents:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
Then I created a .bat file writing the below contents:
reg import setproxy.reg
reg import disableproxychanges.reg
When I run this .bat file manually I am able to achieve what I intend to, i.e. no internet access and user not able to change the proxy settings. But how do I stitch it in a BLPackage?
so there's a couple options:
one would be to add the two files into the blpackage, put them in c:\temp or something. then add an 'external command' to run the reg import for each file.
the other would be to use the native registry object, live browse to the same registry path on a server w/ this set and add both registry values to the blpackage as the native registry object type.
now - because you are editing hkcu - that's only going to affect the 'current user' - the user you are logged in as. so do you want to make this change for all users on the box, or only a specific local user ? i believe you can modify the same key under HKU and it will affect new users. or you can modify the individual nodes (users) under hku.
I tried the first option you said, i.e. put the two files into package and add an external command to import, the job fails in the commit stage.
For option two of yours, I could find only the 'ProxyEnable' registry value from the registry path on the server. I don't find the other two registry values 'ProxyServer' and 'Proxy' to add to the blpackage.
Even, with only one registry object added to the package, when I deploy it to a target server, the job runs with success but the registry value don't change inside the server in actual. The logs of the job tells 'Apply succeeded'.
I tried a third option too. I created a empty BLPackage and added three External Commands. In the cmd section I gave these three commands respectively:
1. REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /d 1 /f
2. REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /d 127.0.0.1:80 /f
3. REG ADD "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v Proxy /d 1 /f
When I deploy this blpackage against a target server, I get the same output. The deploy job runs with success. The logs even say so. But in the server, the registry value doesn't change.
When I run these 3 commands in cmd prompt of the target server, it says 'The operation completed successfully' and the registry change works.
I don't understand why these commands don't take effect when deployed through BLPackage!!
"I tried the first option you said, i.e. put the two files into package and add an external command to import, the job fails in the commit stage."
-> failed how? bldeploy log ?
"For option two of yours, I could find only the 'ProxyEnable' registry value from the registry path on the server. I don't find the other two registry values 'ProxyServer' and 'Proxy' to add to the blpackage."
-> so add them to the server and then add them to the blpackage as i noted.
"a target server, the job runs with success but the registry value don't change"
-> your screenshot shows you are looking at HKEY_USERS\.DEFAULT. is that where you are looking on the server to confirm the change ?
"1. REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /d 1 /f"
and what user's 'HKCU' hive are you looking at ?
so you put the reg files here:
06/22/16 17:27:55.411 DEBUG bldeploy - [C:/Windows/Temp/Reg Change Policy/DisableProxyChanges.reg] Success adding file C:/Windows/Temp/Reg Change Policy/DisableProxyChanges.reg.
but when you ran the reg command here:
06/22/16 17:27:55.411 INFO bldeploy - [Import setproxy reg file] Executing command: "reg import setproxy.reg"?
did you cd into the C:\Windows\Temp\Reg Change Policy ?
I didn't understand by your line "did you cd into the C:\Windows\Temp\Reg Change Policy ?" No I haven't that yet.
Pardon me for my ignorance.
The path "C:/Windows/Temp/Reg Change Policy" is the path where I dumped the files in my fileserver from where I browse and add into the package. I also check the checkbox in the File Options "Copy file contents".
in the blpackage, what path are you putting the two reg files during the deploy? from the bldeploy log you attached, it's C:\Windows\Temp\Reg Change Policy'.
so that means you need to cd into that directory before running your reg import command or specify the full path to the reg file in the reg import command.