Unfortunately, I didn't get to experience much of NT Network Administration, just the workstation support side. Does anyone have any references on auto-detect I can look into?...whitepapers, websites, etc? I will say this, we just implemented a new Web Filtering/Proxy solution and our old solution utilized log-in scripting. I may look at that old script to see how to manipulate that for our current solution. Thanks everyone for all your assistance. Shane _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Rochford Sent: Tuesday, March 04, 2008 8:05 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy That's what we do - started doing this back in NT days when we didn't have GP and you can have more flexibility with the script. If you're intending to run regedit at startup then surely you could run a vbscript (or any other program?) - doesn't have to be a domain login script. The benefit of setting auto-detect is that if the machine is at work then it will get the info from DHCP/DNS; if it's outside work then it doesn't get a proxy so "just works" Steve From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Williford Sent: 04 March 2008 13:24 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy Hmm...thanks Steve, but a log-in script solution probably won't be the best for us. We have a log-in script for our domain certainly, but the solution I am more interested in is 1. for only our laptop users and 2. only when those laptop users are not connected to the domain. Maybe I'm just unaware of the full functionality of what "auto-detect" does? We have our proxy settings done via GP for everyone. Are you suggesting to manipulate proxy via log-in script? Shane Shane M. Williford Systems Administrator MCSE, MCSA Sec, Sec+, Net+, A+ Mazuma Credit Union shane.williford@xxxxxxxxxx 816-361-4194 x6012 _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Rochford Sent: Tuesday, March 04, 2008 7:07 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy Bit of VBscript from our login script to turn on "auto-detect". This will run silently. If you want to use regedit then stick /s after it in your batch file. dim binArray(1024) Const HKEY_CURRENT_USER = &H80000001 Set objRegistry = GetObject("winmgmts://./root/default:StdRegProv") sPath="Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" lRC = objRegistry.GetBinaryValue(HKEY_CURRENT_USER, sPath, "DefaultConnectionSettings", binArray) binArray(8)=9 lRC = objRegistry.SetBinaryValue(HKEY_CURRENT_USER, sPath, "DefaultConnectionSettings", binArray) As far as I can work out, you just need to sit location 8 (counting from 0) to value 9 to get the "auto-detect settings" checked. Steve From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Williford Sent: 04 March 2008 12:44 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy Enforced per-machine proxy? Well, I set it up in GP, if that's what you mean. This batch file is something I'm going to have to manually add to my laptop users' local policy, which stinks, but no other way around it really. Here's my reg file, Jamie: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "EnableAutoProxyResultCache"=dword:00000000 "EnableNegotiate"=dword:00000000 "ProxyEnable"=dword:00000000 "AutoConfigURL"="" "ProxyServer"="" "ProxyOverride"="<local>" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] "DefaultConnectionSettings"=hex:3c,00,00,00,1f,00,00,00,01,00,00,00,00,0 0,00, 00,00,00,00,00,00,00,00,00,01,00,00,00,1f,00,00,00,68,74,74,70,3a,2f,2f, 31, 34,34,2e,31,33,31,2e,32,32,32,2e,31,36,37,2f,77,70,61,64,2e,64,61,74,90, 0e, 1e,66,d3,88,c5,01,01,00,00,00,8d,a8,4e,9e,00,00,00,00,00,00,00,00 It took some real digging to get that last part, which deselects the Automatic Detect Settings check box (didn't want to disable it, which I know there's a much shorter entry for that...more of knowledge thing than a preference or need). You know...I think I placed this bat file in the Comp Config start-up script area, which won't work because of being user settings (thanks Steve!). I'll try placing this on the User side and test it out. And, if anyone knows how to run batches in "silent mode", please share...thanks. Shane Shane M. Williford Systems Administrator MCSE, MCSA Sec, Sec+, Net+, A+ Mazuma Credit Union shane.williford@xxxxxxxxxx 816-361-4194 x6012 _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Monday, March 03, 2008 3:58 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy That should work assuming you have actually enforced per-machine proxy settings, otherwise you need to run it as a logon script in your local policy. What do you have in your .reg file? Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Rochford Sent: Monday, March 03, 2008 3:56 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy If this is machine startup then it won't work - proxy settings are user specific so need to be set by a logon script rather than a startup script. Not sure if that's going to work as a local policy but I must admit that I've never tried :-) Can you use automatic configuration for the proxy - probably easier to get working Steve From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Williford Sent: Monday, March 03, 2008 3:33 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy I'm pinging a computer on our domain. If the ping succeeds the script ends; if it fails, I want to run a reg file that disables proxy settings. I know it didn't run because I checked my proxy settings in IE and they were enabled. I want them (through my reg file) to be disabled. This method is how I'm resolving disabling proxy settings for my laptop users who need to connect to the Internet while not at work. This is the batch file I created: @echo off ping hostcomputer.domain if errorlevel 1 goto disableIEProxy goto done :disableIEProxy REGEDIT /S "C:\Support\DisableIEProxy.reg" :done I think my problem is that the cmd box is displaying (or wants to). When I run the batch file by itself, it works, but displays the cmd window. I can run the reg file silently, but how do I configure the "ping" part of my file to run silently. Oh, btw, if you haven't figured it out, I'm a neophyte scripter. :-) Any assistance in my scripting inabilities is very much welcomed. Thanks guys! Shane Shane M. Williford Systems Administrator MCSE, MCSA Sec, Sec+, Net+, A+ Mazuma Credit Union shane.williford@xxxxxxxxxx 816-361-4194 x6012 _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jakob H. Heidelberg Sent: Monday, March 03, 2008 3:12 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy And how about security/share permissions - did you make sure to add "Authenticated Users" or "Domain Computers" to the NTFS & share permissions (assuming you are running the script from a network location). Remember the credentials used are "SYSTEM" - which is the same as running in "computer context"... Could this be the problem? /Jakob H. Heidelberg From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: 3. marts 2008 21:39 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy How do you know it didn't run? What is the script trying to do? Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Williford Sent: Monday, March 03, 2008 2:36 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy Hmm...that's what I thought, but it didn't work. The batch file works, but it didn't 'run' when I added it as a start-up script in the Local Security Policy....hmm....back to the drawing board. :-) Thanks Jamie! _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Monday, March 03, 2008 2:33 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Start-Up Script policy Should work with any standard executable script (.bat, .cmd, .vbs, etc.) Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Williford Sent: Monday, March 03, 2008 2:24 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Start-Up Script policy I created a start-up script to check if my computers are on the domain and want to add-it to the Local Policy. Does Start-Up scripting policy area only work with VBS files? The one I created is a batch file. Thanks! Shane M. Williford Systems Administrator MCSE, MCSA Sec, Sec+, Net+, A+ Mazuma Credit Union shane.williford@xxxxxxxxxx 816-361-4194 x6012 Notice: The information transmitted in this e-mail may contain confidential and/or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system. _____ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). NOTICE: The information transmitted in this e-mail may contain confidential and/or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.