-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ProxySettings: settings not working on Windows Server Core #423
Comments
Thanks for raising this @fullenw1 - great detection work BTW. Looks like it should be an easy fix. |
I am also facing this issue and desperately need a solution for this. |
Same issue here! We have an new environment based on Windows Server core ready to enter production, but the Proxy settings is an showstopper. |
Apologies for not getting to this sooner. For reference, S-1-5-18 is Local System account. As the LCM runs under Local System, we should be OK setting this in the resource. There are a few different ways of addressing this:
Option 1, 3 & 4 would all be breaking changes. This is also something we can't easily add automated integration tests for in the CI pipeline as we'd need a proxy server. It is possible to create a local proxy server on the CI and validate against that, but that would require more time than I have at the moment. Option 1 would be quite flexible but would require converting the username to a SID. Is it even required with PsDscRunAsCredential and using HKCU? If someone can confirm if the HKCU key works (as opposed to specifying the specific HKU) then the change will be simpler. I'm reluctant to hard code the Local System into the resource. Also, using HKU rather than HKCU will require a lot more rewriting as PowerShell PSDrive does not support HKU. What I may do to start with is make some supporting changes to make this change easier to do later on. |
I've submitted a draft PR to begin work on this. I'm keen to hear opinions on the most appropriate solution from above before finalizing the changes. |
As there hasn't been any further discussion, I'll implement Option 3 and release as a preview: Add a parameter to the resource that allows specifying Local Machine or Current User. Would need to determine if the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections works instead of S-1-5-18? I'll aim to complete this this weekend. |
I've run into an issue that I need more community feedback on: I can fix this by making a ProxySettings AutoDetectProxy
{
Scope = 'LocalMachine'
Ensure = 'Present'
EnableAutoDetection = $true
EnableAutoConfiguration = $false
EnableManualProxy = $false
} or ProxySettings AutoDetectProxy
{
Scope = 'CurrentUser'
Ensure = 'Present'
EnableAutoDetection = $true
EnableAutoConfiguration = $false
EnableManualProxy = $false
} My gut feeling is that this is fine (but a breaking change). Because regardless the change will result in a breaking change. But as I don't actually use this resource myself I'd like to hear from people who do. If I don't get any feedback in the next 2 weeks I'll push a change that makes the MOF:
|
Hi Daniel
I started following this issue and I am facing the same challenge.
What is the current behaviour of this resource?
Is it local machine or current user?
Cheers
Ausaf
…On Sun, May 23, 2021, 12:58 PM Daniel Scott-Raynsford < ***@***.***> wrote:
I've run into an issue that I need more community feedback on:
Right now the resource is an IsSingleInstance resource. This means that
in a config it will never be possible to apply the config to both the
machine and the user account.
I can fix this by making a Scope parameter the Key for the resource, but
this will be a significant breaking change for the resource as the
parameter would be required to be set. E.g. the resource config MUST look
like:
ProxySettings AutoDetectProxy
{
Scope = 'LocalMachine'
Ensure = 'Present'
EnableAutoDetection = $true
EnableAutoConfiguration = $false
EnableManualProxy = $false
}
or
ProxySettings AutoDetectProxy
{
Scope = 'CurrentUser'
Ensure = 'Present'
EnableAutoDetection = $true
EnableAutoConfiguration = $false
EnableManualProxy = $false
}
My gut feeling is that this is fine (but a breaking change). Because
regardless the change will result in a breaking change. But as I don't
*actually* use this resource myself I'd like to hear from people who do.
If I don't get any feedback in the next 2 weeks I'll push a change that
makes the MOF:
[ClassVersion("1.0.0"), FriendlyName("ProxySettings")]
class DSC_ProxySettings : OMI_BaseResource
{
[Key, Description("Specifies if the proxy settings should be set for the LocalMachine or for the CurrentUser. Defaults to 'LocalMachine'."), ValueMap{"LocalMachine","CurrentUser"}, Values{"LocalMachine","CurrentUser"}] String Scope;
[Write, Description("Specifies if proxy settings should be set. Defaults to 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Write, Description("Defines if the proxy settings should be configured for default connections, legacy connections or all connections. Defaults to 'All'."), ValueMap{"All","Default","Legacy"}, Values{"All","Default","Legacy"}] String ConnectionType;
[Write, Description("Enable automatic detection of the proxy settings. Defaults to 'False'.")] Boolean EnableAutoDetection;
[Write, Description("Use automatic configuration script for specifying proxy settings. Defaults to 'False'.")] Boolean EnableAutoConfiguration;
[Write, Description("Use manual proxy server settings. Defaults to 'False'.")] Boolean EnableManualProxy;
[Write, Description("The URL of the automatic configuration script to specify the proxy settings. Should be specified if 'EnableAutoConfiguration' is 'True'.")] String AutoConfigURL;
[Write, Description("The address and port of the manual proxy server to use. Should be specified if 'EnableManualProxy' is 'True'.")] String ProxyServer;
[Write, Description("Bypass proxy server for addresses starting with addresses in this list.")] String ProxyServerExceptions[];
[Write, Description("Bypass proxy server for local addresses. Defaults to 'False'.")] Boolean ProxyServerBypassLocal;
};
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#423 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALR5QVREPWDUJGLZFDCXUMDTPCVCTANCNFSM4JDELXOQ>
.
|
Thanks Daniel
Looking forward to test it once it will be released
Warm Regards
Ausaf Ahmed
+91 9910180046
…On Wed, May 5, 2021 at 10:14 AM Daniel Scott-Raynsford < ***@***.***> wrote:
As there hasn't been any further discussion, I'll implement Option 3 and
release as a preview:
Add a parameter to the resource that allows specifying Local Machine or
Current User. Would need to determine if the
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections works instead of S-1-5-18?
I'll aim to complete this this weekend.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#423 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALR5QVSP37N4SJL4L4NPIFTTMDELBANCNFSM4JDELXOQ>
.
|
Hi @ausafonly - I've actually completed the change, just need to get it reviewed before it can be merged: #494 Unfortunately we don't have a large number of reviewers and they're all super busy. I'll try and find out when someone might be free to do this. The community is always looking for more contributors and reviewers though 😁 |
Details of the scenario you tried and the problem that is occurring
I apply the same configuration on Windows 2016 GUI, Windows 2016 Core, Windows 2019 GUI and Windows 2019 Core.
DSC modules like cChoco are working fine as soon as the proxy configuration has been set set via the ProxySettings resource of the NetworkingDsc module, except for Core servers.
Suggested solution to the issue
Currently the ProxySettings resource is applying proxy settings on this registry key:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
It does also apply successfully these settings on the same key on Core servers, though it has no effect.
However, when I manually apply the same values on the system account, it works fine on Core servers too after a computer restart or a new DSC pull session.
Here is the key where I apply the configuration:
registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
The proxy configuration should be added to this registry key too, in order to make it functioning on Core servers and not only GUI servers.
The operating system the target node is running
OsName : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 1809
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage : en-US
OsMuiLanguages : {en-US}
OsName : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsBuildLabEx : 14393.1794.amd64fre.rs1_release.171008-1615
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
PSVersion 5.1.17763.316
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.316
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
PSVersion 5.1.14393.1884
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14393.1884
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used ('dev' if using current dev branch)
7.4.0.0
The text was updated successfully, but these errors were encountered: