prevent domain controller using wpad for windows update

Posted on

A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about prevent domain controller using wpad for windows update was one problem in server stack that need for a solution. Below are some tips in manage your windows server when you find problem about windows, proxy, domain-controller, windows-update, wpad.

We have a 2012 domain controller in an environment where we are running a web proxy auto discovery (WPAD) setup for client devices, and that proxy server requires authentication. However windows update does not support proxy servers requiring authentication.

So we want to prevent windows update on our servers from using the WPAD proxy settings. On a domain member server we can log in to the local administrator account (not domain admin) and un-tick the the “Auto detect proxy settings” in IE internet options and that fixes the issue on those servers. But a domain controller does not have a local admin account, as that account is the domain admin account. Doing this to the domain admin account on the DC does not prevent it from using WPAD.

Our whole purpose of running a proxy server that requires authentication is so we can identify what the users on our session based remote desktop servers are doing on the internet.

See this MS KB Article for some info about Windows update and proxy servers

“How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site”

I had the same issue on Windows 2008 R2 with WPAD record.
To fit it we add fake DNS record to hosts file like WPAD and after restart the update client it stop using proxy. In some cases the Server needs to be rebooted after WPAD block.


Leave a Reply

Your email address will not be published. Required fields are marked *