Some of our systems have extra "security needs", and they are not allowed to initiate outgoing connections by default. This means that IP ACLs are used so that they can only reach neccessary services reach necessary services (SMTP gateway, DNS resolvers, NTP etc).
Because those hosts do need access to some web sites (mostly for software updates), we use a proxy server to allow them access to those domains.
...
- The "Windows Update" start menu items opens up http://update.microsoft.com/windowsupdate/v6/default.aspx in an Internet Explorer browser window. In order for this to work through a proxy, go to Control Panel -> Internet Options. This will bring up the IE settings dialog, settings dialogue go to Connections -> LAN settings, and fill in the stuff there.
For automatic updates to work, go to Control Panel -> System -> Automatic Updates, and configure it to your needs (I usually let them install automatically because I don't have the time to look at all the updates, let alone test them. If an update screws up - though luck).
The updates downloading is done by BITS, but this does not honour any of the stuff from Internet Options. Proxy settings for BITS are configured using the proxycfg command:Code Block C:\Documents and Settings\Administrator>proxycfg -p proxy.terena.org:8888 Microsoft (R) WinHTTP Default Proxy Configuration Tool Copyright (c) Microsoft Corporation. All rights reserved. Updated proxy settings Current WinHTTP proxy settings under: HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ WinHttpSettings : Proxy Server(s) : proxy.terena.org:8888 Bypass List : (none)
...