Set Windows Proxy Server system-wide

The proxy settings stored in Internet Explorer are evaluated by IE, as well as by all programs that can access the Internet Explorer settings.

So that proxy settings can be used by the entire system, i.e. also by applications such as Powershell, WinRM or Windows Update, these settings must first be set. After setting the system-wide proxy, the IE remains outside. For this we use the command line tool “netsh”.

netsh winhttp show proxy
netsh winhttp set proxy

If the settings stored in IE should act on the system-wide proxy, you can transfer or import them directly from WinINET to WinHTTP.

netsh winhttp import proxy source = ie

Set Proxy Bypass List (Bypass List)

netsh winhttp set proxy "" bypass-list = "* .test.local"

To undo the settings around the "system" proxy, this command is executed.

Netsh winhttp reset proxy

In general, there are 3 options to configure / use a proxy server.

  1. On the one hand in applications that bring their own proxy configuration settings and thus can not or do not want to resort to any API of the system.
  2. Application manufacturers who do not want to reinvent the wheel resort to the WinINET API (core of Internet Explorer) back. Thus, applications also participate directly from the cookie handling, the SSL / TLS settings and the configured proxy in IE.
  3. WinHTTP is more for non-interactive use, such as for Windows services or tasks that need to communicate in the background, that is, for processes that do not require user intervention (Windows Update, Powershell, WinRM, Certificate Checking).

WinHTTP is more powerful compared to WinINET and depends on .NET. Both can be configured via auto-discovery, manual configuration or proxy auto-scripting.

In summary, this means that WinHTTP does not use the WinINET settings that are configured in Internet Explorer. To do this, first, as described above, this command "netsh winhttp import proxy source = ie" should be executed.

WinINET is configured in Internet Explorer and is only valid for the respective user account. The automatic search is preset as standard and thus uses the Web Proxy Autodiscovery Protocol (WPAD). The proxy is thus configured either by a DHCP option or by a DNS query WPAD-A. If you want every user to use the same settings, this can be controlled via a group policy.

Computer Configuration \ Administrative Templates \ Windows Components \ Internet Explorer
Make proxy settings per-machine (rather than per user)

It is also possible to distribute the WinHTTP settings via a group policy. To do this, simply import the binary value of the WinHttpSettings entry using the Registry Wizard.

Distribute WinHTTP settings via GPO