How to Configure Windows System-Wide Proxy Settings for LOCAL SYSTEM Account in Services


2 views 



When dealing with Windows services running under the Local System account, traditional proxy configuration methods fail because:


    

  • Registry settings under HKCU only affect interactive user sessions
    • 

  • The LOCAL SYSTEM account (SID: S-1-5-18) has no user profile in the conventional sense
    • 

  • Group Policy settings may override manual configurations
    • 





The most reliable method is modifying the machine-wide Windows registry settings:



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="192.168.1.100:8080"
"ProxyOverride"="<local>;*.contoso.com"



For deployment across multiple machines, use this PowerShell snippet:



# Configure system-wide proxy settings
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
$proxyServer = "corporate-proxy:3128"

# Enable proxy
Set-ItemProperty -Path $regPath -Name "ProxyEnable" -Value 1 -Type DWord

# Set proxy server
Set-ItemProperty -Path $regPath -Name "ProxyServer" -Value $proxyServer -Type String 

# Configure bypass list
Set-ItemProperty -Path $regPath -Name "ProxyOverride" -Value "<local>;*.internal" -Type String

# Force refresh (requires WinHTTP service restart)
Restart-Service -Name WinHttpAutoProxySvc -Force



For applications using WinHTTP directly (like some services):



:: Command prompt as Administrator
netsh winhttp set proxy corporate-proxy:8080 "<local>;*.example.com"



Confirm your settings took effect with these checks:


    

  • Registry: reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
    • 

  • WinHTTP: netsh winhttp show proxy
    • 

  • Test connection: curl.exe -v http://example.com --proxy corporate-proxy:8080
    • 



    

  • Always restart dependent services after configuration changes
    • 

  • Check Event Viewer for Windows Filtering Platform logs if connections fail
    • 

  • Consider using ProxySettingsPerUser=0 in registry for machine-wide enforcement
    • 

  • For modern Windows services, test with both WinINET and WinHTTP configurations
    • 







When working with Windows services running under the LOCAL SYSTEM account, standard proxy settings configured through Control Panel or HKEY_CURRENT_USER registry don't apply. This creates connectivity issues for services that need internet access through corporate proxies.


The Windows registry stores proxy settings at multiple levels:


1. Current User: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
2. Default User: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
3. System Account: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings


For system-wide proxy settings affecting all users including LOCAL SYSTEM, you need to configure WinHTTP proxy settings:


netsh winhttp set proxy proxy-server="http=proxy.example.com:8080;https=proxy.example.com:8080" bypass-list="*.contoso.com;localhost"



For services that need to set proxy programmatically:


using Microsoft.Win32;

public static void SetSystemProxy(string proxyAddress, bool enableProxy)
{
    // Set for WinHTTP (system-wide)
    System.Diagnostics.Process.Start("netsh", 
        $"winhttp set proxy proxy-server=\"{proxyAddress}\" bypass-list=\"localhost\"");

    // Set for current user (optional)
    using (RegistryKey key = Registry.CurrentUser.OpenSubKey(
        @"Software\Microsoft\Windows\CurrentVersion\Internet Settings", true))
    {
        key.SetValue("ProxyEnable", enableProxy ? 1 : 0);
        key.SetValue("ProxyServer", proxyAddress);
    }
}



For enterprise environments, the most reliable method is Group Policy:


1. Open gpedit.msc
2. Navigate to: Computer Configuration → Administrative Templates → Windows Components → Internet Explorer
3. Configure "Make proxy settings per-machine (rather than per-user)"
4. Set "Proxy settings" with your required configuration



Check effective proxy settings with PowerShell:


# Check WinHTTP settings
netsh winhttp show proxy

# Check Internet Explorer settings
(Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings").ProxyServer



    

  • Ensure the service account has network access permissions
    • 

  • Verify proxy authentication requirements
    • 

  • Check bypass-list includes necessary internal domains
    • 

  • Test connectivity with Test-NetConnection in PowerShell
    • 



For applications using WinINET (like Internet Explorer), you can force system-wide settings:


const int INTERNET_OPTION_SETTINGS_CHANGED = 39;
const int INTERNET_OPTION_REFRESH = 37;

[DllImport("wininet.dll", SetLastError = true)]
static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);

public static void RefreshSystemProxySettings()
{
    InternetSetOption(IntPtr.Zero, INTERNET_OPTION_SETTINGS_CHANGED, IntPtr.Zero, 0);
    InternetSetOption(IntPtr.Zero, INTERNET_OPTION_REFRESH, IntPtr.Zero, 0);
}