Webroot Web Security Service

Transcription

Webroot Web Security Service
Webroot
®
Web Security Service
Desktop Web Proxy Configuration Guide
Webroot Software, Inc.
385 Interlocken Crescent
Suite 800
Broomfield, CO 80021
www.webroot.com
WSS 4.4.0-2
Desktop Web Proxy Configuration Guide
September 2011
© 2011 Webroot Software, Inc. All rights reserved. Webroot, the Webroot icon, and the Webroot tagline are
trademarks or registered trademarks of Webroot Software, Inc., in the United States and other countries. All other
trademarks are properties of their respective owners.
Technical Support
Technical support is available by calling any of these toll-free phone numbers:
•
APAC (outside of Australia):
+61 (0)2 8071 1903
•
Australia:
1-800-212-640
•
Sweden:
+46 (0) 8 555 36 161
•
United Kingdom:
0800 804 7015
+44 800 804 7015 (international)
•
United States:
877-612-6009
Send questions to our automated ticket response system:
SaaSsupport@webroot.com (APAC, Australia, United Kingdom, and United States)
supportnordic@webroot.com (Sweden)
We will respond within one business day.
Log a ticket in the Support Website:
http://mysite.webroot.com/forms/saasCaseSubmissionForm
WSS 4.4.0-2
Contents
1: Installing Desktop Web Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
System and browser requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
About the DWP Installation Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Downloading the DWP package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Installing DWP on individual workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Installing DWP on multiple workstations (silent install) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Installing DWP in hidden mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Using ARP commands with MSI parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Installing DWP using Group Policy Object (GPO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Activating DWP globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Installing DWP version updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Automating DWP updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Updating DWP manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Uninstalling a hidden DWP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
2: DWP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Configuring DWP using the Management Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Enabling the Account to use DWP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Entering DWP settings at the Account level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Overriding settings at the group level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Bypassing the Web Security Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Authenticating DWP user credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Managing hot spots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Configuring a proxy automatic configuration (PAC) file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Logging DWP events and running diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Using Windows’ Group Policy Object (GPO) to configure DWP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
3: Client-Specific Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Setting proxy connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Configuring the DWP logging level. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Configuring proxy settings for applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Configuring DWP to use a PAC file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Using a script to automate registry settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
4: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
FAQs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Viewing running processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Running diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Using the DWP Latency Tester . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Using DWP Network Packet Capture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
PAC file is unavailable when user profile folders are remapped . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Desktop Web Proxy Configuration Guide
iii
WSS 4.4.0-2
Contents
iv
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
1: Installing Desktop Web Proxy
The Desktop Web Proxy (DWP) is a service that manages traffic from users’ computers to the Web
Security Service by routing all traffic to the data center nearest the user’s computer.
You can install DWP individually on each workstation using the downloaded msi installation
package, or by using a Group Policy Object editor or other batch installation for a mass rollout.
Note
Windows Vista and Windows 7 require administrative rights to install DWP even if the administrator
has these rights on the machine. To install on Windows Vista, run the MSI installation with an elevated
command prompt.
Topics in this chapter:
` System and browser requirements . . . . . . . . . . . . . . . . . . . . page 2
` About the DWP Installation Packages . . . . . . . . . . . . . . . . page 2
` Installing DWP on individual workstations . . . . . . . . . . . . page 4
` Installing DWP on multiple workstations (silent install) . . page 4
` Installing DWP in hidden mode . . . . . . . . . . . . . . . . . . . . . page 5
` Installing DWP using Group Policy Object (GPO) . . . . . . . page 7
` Activating DWP globally . . . . . . . . . . . . . . . . . . . . . . . . . . page 7
` Installing DWP version updates . . . . . . . . . . . . . . . . . . . . . page 8
` Uninstalling a hidden DWP . . . . . . . . . . . . . . . . . . . . . . . . . page 9
Desktop Web Proxy Configuration Guide
1
WSS 4.4.0-2
1: Installing Desktop Web Proxy
System and browser requirements
You can install the Desktop Web Proxy on these systems:
•
Windows XP Service Pack 2, 32-bit
•
Windows XP Service Pack 3, 32-bit
•
Windows 2003, 32-bit
•
Windows Vista, 32- and 64-bit
•
Windows 7, 32- and 64-bit
•
Windows 2008 Enterprise, 32- and 64-bit
•
Citrix Presentation Server 4.5, 32-bit
•
Citrix XenApp 5.0, Windows 2008 Enterprise, 32-bit
•
Citrix XenApp 6.0, Windows 2008 R2 Enterprise, 64-bit
You can use DWP with these browsers:
•
Microsoft Internet Explorer version 7, 8, and 9, 32-bit and 64-bit
•
Mozilla Firefox version 3.6, 4.0, and 5.0
•
Google Chrome 11 and 12
About the DWP Installation Packages
The Desktop Web Proxy is available in two installation packages:
•
DWPSetup.msi installs the standard version of DWP.
•
DWPSetup_NoUninstall.msi installs a version of DWP that cannot be uninstalled. This
installer disables the Remove and Change buttons in the Add or Remove Programs option
of the Windows Control Panel.
You can use either installation package to install DWP, using any of the methods described in this
chapter—on individual machines, on multiple machines, in hidden mode, or using GPO.
DWP can be uninstalled using the .msi installer if the DWPSetup_NoUninstall.msi is used.
Downloading the DWP package
The DWP MSI package is available from the Web Security Service Management Portal.
To download the DWP package:
1
Log in to the Web Security Service Management Portal.
2
Open the Resources tab.
The Resources tab opens at the Downloads page.
2
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Downloading the DWP package
Standard version of DWP
Uninstallable version of DWP
3
4
Click a DWP link:
–
DWP installs the standard DWP package
–
DWP (Uninstall Disabled) installs a version of DWP that cannot be uninstalled
Follow the browser prompts to save the installer zip file into a location of your choice.
•
If you used Mozilla Firefox to access the Management Portal, you can continue with
the installation method of your choice as described in rest of this chapter.
•
If you used Microsoft Internet Explorer, continue through the end of this procedure.
This information applies to various versions of Windows Internet Explorer:
You can successfully download the DWP zip archive, but you might get an error when
you open the archive. There is a known bug about downloaded zipped files through
Internet Explorer. The downloaded file appears corrupted and can’t be opened.
For more information about this issue, see:
http://social.msdn.microsoft.com/Forums/en-US/iewebdevelopment/thread/
bf4077dd-20bc-4f66-bf73-b79a2440cf30/
http://support.microsoft.com/kb/2002350
5
If you used Internet Explorer to download, rename the file to append .gz to the end of the
filename:
DWPSetup.zip.gz or DWPSetup_NoUninstall.zip.gz
6
Use Winzip or 7-Zip (an open source software) to extract the original archive from the
renamed file. Then continue with the installation method of your choice.
Desktop Web Proxy Configuration Guide
3
WSS 4.4.0-2
1: Installing Desktop Web Proxy
Installing DWP on individual workstations
Use the downloaded msi installation package to install DWP on individual workstations, or on a
Terminal Service or Citrix server. See “System and browser requirements” on page 2 for supported
versions.
To install DWP on an individual workstation:
1
Load the installation package on a desktop or laptop computer.
2
Double-click one of the installation files:
DWPSetup.msi or DWPSetup_NoUninstall.msi
3
Follow the instructions in the DWP setup wizard.
The settings are automatically applied to the browsers.
Note: The settings are not automatically applied to the browsers in either of these cases:
•
The Activate DWP on Install option on the Management Portal is set. If this option is
not set, you can configure the browsers manually by right-clicking the DWP icon in
the system tray and selecting Apply Proxy Setting.
•
The Apply portal settings to the DWP clients option is turned off at both the account
and group levels. If the option is on at either the account or group level, the settings
are applied.
Installing DWP on multiple workstations (silent
install)
Use the silent option to install DWP on multiple workstations without using an installation
interface. The procedure assumes you are familiar with MSI package installations. See “System
and browser requirements” on page 2 for supported versions.
To use the silent option for mass rollout:
1
On the command window, append /quiet to the installation command:
DWPSetup.msi /quiet or DWPSetup_NoUninstall.msi /quiet
Note the space before /quiet.
2
To specify restart options after installation, you can use these command-line options:
•
/norestart: Does not restart the computer after the installation.
•
/promptrestart: Prompts the user for a restart if necessary.
•
/forcerestart: Always restart the computer after installation.
The settings are automatically applied to the browsers.
Note: The settings are not automatically applied to the browsers in either of these cases:
•
The Activate DWP on Install option on the Management Portal is set. If this option is
not set, you can configure the browsers manually by right-clicking the DWP icon in
the system tray and selecting Apply Proxy Setting.
4
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Installing DWP in hidden mode
•
The Apply portal settings to the DWP clients option is turned off at both the account
and group levels. If the option is on at either the account or group level, the settings
are applied.
For a complete list of command-line options, use /help at the command window.
Installing DWP in hidden mode
Installing DWP in hidden mode prevents users from making changes to DWP. When you install
DWP in hidden mode:
•
the shortcut Launch Desktop Web Proxy does not appear in the Start menu
•
the DWP icon doesn’t appear in the system tray
.
Note
If DWP is being managed by the portal, you must set the portal option Hide Icon in Tray, even though
you are installing DWP in hidden mode. See “Hide Icon in Tray” on page 14.
Using hidden mode, you can specify MSI parameters to remove the Change and Remove buttons,
or remove the DWP plug-in entirely from the Add or Remove Programs option of the Windows
Control Panel.
Logging and diagnostics are not supported in hidden mode—they are supported only if you
reinstall DWP with the regular installation, without the hidden switch.
To install DWP in hidden mode:
In the command window, type
Msiexec /i <Path_to_dwp_msi_file> /q dwpmode=hidden
Using ARP commands with MSI parameters
Advanced users who are experienced with MSI package modification can enforce higher levels of
invisibility with any of the ARP commands, using these parameters:
MSI parameters
ARPNOMODIFY={""|1}
• 1 removes the Change button from Add/Remove Programs,
preventing the user from changing the DWP client.
• Blank ("") means the Modify button is available for the DWP
client.
Note: The DWP Uninstall Disabled installer also removes
the Change button from Add or Remove Programs.
Desktop Web Proxy Configuration Guide
5
WSS 4.4.0-2
MSI parameters (continued)
ARPNOREMOVE={""|1}
• 1 removes the Remove button from Add/Remove
Programs, preventing the user from uninstalling the DWP
client.
• Blank ("") or omitting this parameter means the Remove
button is visible for the DWP client.
Note: The DWP Uninstall Disabled installer also removes
the Remove button from Add or Remove Programs.
ARPSYSTEMCOMPONENT= • 1 removes the plug-in itself from Add/Remove Programs.
{""|1}
• Blank ("") or omitting this parameter means the DWP client
has an entry in Add/Remove Programs.
For example:
Msiexec /i <Path_to_dwp_msi_file> ARPNOMODIFY=1
For more details about these parameters, see Microsoft’s Developer Network (MSDN) library.
Note
To restart a hidden DWP either restart the computer, or use Administrative Tools’ Services console to
restart the DWP Local Proxy Service. To restore MSI parameters to their original settings, uninstall
DWP (see “Uninstalling a hidden DWP” on page 9) and re-install it without the hidden switch.
6
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Installing DWP using Group Policy Object (GPO)
Installing DWP using Group Policy Object
(GPO)
You can install and deploy DWP using Group Policy Object (GPO). This method of installation
requires that you are experienced with Microsoft’s Active Directory and that you are using GPO in
your environment.
Note
If you install and deploy DWP using GPO, use the DWP_NoUninstall package (see “About the DWP
Installation Packages” on page 2). If you use GPO to install DWP, use the GPO Editor if you need to
uninstall it. Do not use Add/Remove programs to remove DWP.
GPO information is available on Microsoft’s Help and Support sites:
•
http://support.microsoft.com/default.aspx?kbid=314934
Expand On This Page to display all related subtopics.
•
http://support.microsoft.com/?kbid=302430
This site describes how to assign or publish software to users using GPO.
Activating DWP globally
If you use the Management Portal to manage DWP, you can activate DWP globally without
having it apply settings to the browsers. The Activate DWP on Install option is on by default for
new accounts and groups, so that when DWP is installed on a machine in that account and DWP is
managed by the portal, it automatically applies its settings to the browsers.
If, however, you want to deploy DWP across multiple machines in the network but don’t want it to
be used immediately, you can disable this option before you deploy DWP, then enable it later. The
Activate DWP on Install option is on the DWP Configuration subtab of the Account and of each
user group:
To disable automatic DWP activation:
1
Log in to the Web Security Service Management Portal.
2
In Edit mode, open the DWP Configuration subtab of either the Account or a user group.
3
Select Apply portal settings to DWP clients to enable settings for editing.
4
Clear the Activate DWP on Install box.
5
Save your settings. If you are configuring user groups, repeat for every group as required.
When Activate DWP on Install is unchecked, you can apply settings to the browser
manually by right-clicking on each DWP tray icon and selecting Apply Proxy Setting.
Desktop Web Proxy Configuration Guide
7
WSS 4.4.0-2
Installing DWP version updates
You can enable automatic updates to DWP clients, or have users initiate their updates manually.
Automating DWP updates
Automatic updates to DWP clients are enabled on the Web Security Service Management Portal at
the Account level.
To enable automatic DWP updates at the Account level:
1
Log in to the Web Security Service Management Portal.
2
Open the Accounts tab in Edit mode.
3
Under the User Configuration section, select Automatically Update the DWP.
If the setting is enabled, the Account automatically sends updates to the DWP clients. If
the setting is disabled, you must manually download DWP updates to all clients. This
setting is inherited by all user groups; you can override for selected groups as required.
4
Save your setting.
Updating DWP manually
If you don’t want to use the automatic update feature, you can have users initiate their own
updates. Make sure these users have access to the DWP icon on their system tray. Because this
update method is user-initiated, you might have various DWP versions throughout your Account.
To initiate a DWP update at the client:
1
Hold down the Ctrl key, right-click the DWP icon on the system tray.
2
Select Update Now from the pop-up menu.
The installer program examines the DWP version on the desktop. If an older version is
found, the DWP client is installed in silent mode. Otherwise, a message states that no
updates are available.
8
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Uninstalling a hidden DWP
Uninstalling a hidden DWP
If you modified the MSI parameters (“MSI parameters” on page 5), the DWP might be hidden and
inaccessible through the Add/Remove Programs utility.
To uninstall a hidden DWP:
Run the original MSI installer and select the Remove Desktop Web Proxy option.
Desktop Web Proxy Configuration Guide
9
WSS 4.4.0-2
1: Installing Desktop Web Proxy
10
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
2: DWP Configuration
Topics in this chapter:
` Configuring DWP using the Management Portal . . . . . . . page 12
` Using Windows’ Group Policy Object (GPO) to configure DWP page 27
Desktop Web Proxy Configuration Guide
11
WSS 4.4.0-2
2: DWP Configuration
Configuring DWP using the Management Portal
You configure the Desktop Web Proxy from the Web Security Service Management Portal for
deployment to all computers that have DWP installed. You can define a management configuration
at the Account level that applies to all groups, then override settings at the Group level as
appropriate.
DWP clients poll the Web Security Service server every 15 minutes for any changes that were
made on the Management Portal, then uses the new settings.
Caution
DWP settings entered on the Management Portal are deployed to all computers that have the DWP
client installed. If DWP was configured individually on those computers, those settings are
overwritten because portal-based settings take precedence.
Enabling the Account to use DWP
Settings described here are applied to all user-based groups. Each group can override
Account-level settings.
To enable the Account for DWP:
1
Log in to the Web Security Service Management Portal.
2
Open the Accounts tab in Edit mode.
3
On the Account subtab, enter these required configurations:
a
Select the checkbox for Enable DWP User Creation.
This setting enables automatic user registration into the Web Security Service when
users in the corporate network first connect using DWP. DWP checks the Web
Security Service to see if the connecting user has an existing entry. If no entry exists,
DWP creates a user name and password for the user.
b
Keep the default group in DWP User Creation Default Group or select another.
The DWP User Creation Default Group setting specifies a user-based group to which
DWP adds new users by default, because the Web Security Service requires users to
belong to groups. The selection list shows user-based groups only
In general, before changing a user group to an IP group, make sure it has no users and that it is
not the group for DWP to add users.
Desktop Web Proxy Configuration Guide
12
WSS 4.4.0-2
Entering DWP settings at the Account level
Caution
The DWP expects the User Creation Default Group to be a user-based group. You can,
however edit the group to be IP-address-based. Before changing the group to IP-based, edit
the Account and select another default group for new DWP users or creating users using
DWP will fail.
4
Continue to Entering DWP settings at the Account level.
Entering DWP settings at the Account level
When the Account is enabled for DWP user creation, you can use the Management Portal to
further configure DWP, to ensure consistency among all groups. You can override individual
group settings as necessary.
To enter DWP settings at the Account level:
1
Log in to the Web Security Service Management Portal and open the Accounts tab.
2
Click Edit on the Account subtab.
3
Verify that the Account is enabled for DWP, as described in “Enabling the Account to use
DWP” on page 12.
4
Open the DWP Configuration subtab.
Desktop Web Proxy Configuration Guide
13
WSS 4.4.0-2
2: DWP Configuration
5
Set DWP configuration options:
DWP Configuration
General Settings
Prevent user access to
browser proxy settings
Controls users’ ability to change browser proxy settings:
• Not Configured: Enabled by default. Prevents DWP from
conflicting with Group Policy Object (GPO) trying to modify the
same settings, by locking user access to browser proxy settings.
When this option is enabled, GPO settings take precedence
because DWP is not modifying settings.
• Enabled: DWP modifies settings to prevent users from
modifying their proxy settings in the browser.
Note: If this option is enabled, you must set it to Disabled 15
minutes before you uninstall the DWP.
• Disabled: DWP modifies settings, so that users can modify their
proxy settings in the browser.
Note: If a GPO in the customer’s environment is locking the
proxy settings, DWP does not override it. It’s not possible to
predict whether GPO or DWP will prevail in this situation,
however, so we recommend that you disable any GPO actions
that are locking proxy settings in the customer’s environment
while using this feature. If you want the GPO settings to
prevail, leave this setting as Not Configured.
In Firefox, the Settings button is hidden if the browser control
setting is applied using DWP.
The Settings button
does not appear here
if DWP applies the
browser control
setting.
Hide Icon in Tray
Hides the DWP icon on the end user’s system tray, preventing the
end user from accessing DWP functions.
For more information see the Desktop Web Proxy Configuration
Guide, which is available on the Management Portal at Resources >
Documents.
Desktop Web Proxy Configuration Guide
14
WSS 4.4.0-2
Entering DWP settings at the Account level
DWP Configuration (continued)
List of Caching Proxies
Proxy names and port numbers of caching proxies at your gateway
locations. Allows mobile users to connect transparently to either
caching proxies or directly to the Web Security Service.
For a single caching proxy, separate the name and port with a
colon:
ProxyName:port
For multiple caching proxies, separate proxies with a semicolon
and end the string with a semicolon:
ProxyName1:port1;ProxyName2:port2;
Enable Automatic
Configuration Script
(PAC File)
Enable use of a Proxy Auto Configuration (PAC) script to tell
browsers where to route users’ page requests. If enabled, works
with the PAC File Location option.
PAC File Location
The URL or local network path to the configuration script. DWP
copies the script to the local machine, then applies the settings to the
browser. DWPclients must be restarted after PAC configuration
options are set.
Note: Firefox is unable to parse PAC files correctly if the local
path or the DWP username contains the # special character (for
example, user#1). In this case, traffic is not filtered.
See the Web Security Service Administrator Guide for details.
Monitor Port 80 and 443 Uploads process data to the Monitors | Port Monitor tab, to help
usage
the Admin identify rogue applications that are using default ports 80
and 443. See the Web Security Service Administrator Guide for
details.
Allow Unsafe Browsing
Editable if Enable Dynamic Hot Spot Management is selected.
Allows users to bypass the Web Security Service to browse the
Internet in hotspot environments where access might be blocked or
re-routed. If not set, DWP opens an error page and prevents users
from browsing the Internet in hotspots.
To Bypass the Web Security Service
See “Bypassing the Web Security Service” on page 18 for details about these options.
Browser Bypass
Enter the sites stored in the browser’s exception list.
DWP Bypass
Enter the URLs to be accessed directly by DWP without going
through the Web Security Service.
Configured by Default as Active
Proxy Address
Required. The address of the Web Security Service data center. This
proxy address should be changed only at the service provider’s
direction.
Proxy Port
Required. Do not change this setting. Only ports 80, 3128, or 8080
can be used. .
Desktop Web Proxy Configuration Guide
15
WSS 4.4.0-2
2: DWP Configuration
DWP Configuration (continued)
Apply portal settings to
the DWP clients
Enabled by default when the service provider created the Account,
so that you can enter and deploy DWP settings that are consistent
throughout the Account.
Caution: If you keep this option selected, any DWP settings
previously entered at each client computer are
overwritten after you click Save.
If you clear this checkbox, all options become read-only and the
settings are not functional. If you are in Edit mode, selecting this
checkbox makes other options editable.
Activate DWP on Install Selected by default. DWP client installations are not activated by
default, so settings are not yet applied. After you save this setting,
DWP client installations are automatically activated and the settings
are immediately applied to the users’ browsers.
6
Enable Dynamic Hot
Spot Management
Automatically handles hotspot billing systems. DWP enters direct
mode if it detects that a user’s browser is blocked by a hotspot. The
user is connected to the Web Security Service when billing or
sign-up is complete.
If you enable hot-spot detection, DWP tries to access ports 3128,
8080, 80, and 443 in succession, and uses the first of those ports that
is accessible.
Use the IE Browser
setting “Bypass proxy
server for local
addresses”
Selects the Internet Explorer option that sends all traffic to
non-routable IP addresses.
See “Bypassing the Web Security Service” on page 18.
Enable Automatic User
Name Resolution:
Synchronizes the Web Security Service and client user name and
password for users in the corporate network. If a Web Security
Service user name and password are not configured in DWP, DWP
requests the service to generate the credentials and DWP stores
them locally. With this option enabled, passwords are updated
automatically if they change in the service.
Note: This option only works if the request from DWP is from
within your corporate network via the configured IP addresses
on the Web Security Service. If the initial connection to DWP is
not within the network, credentials are not created.
To use this option, your corporate firewall must allow requests on
port 80 and 443 directly to the Web Security Service. See your
Provisioning Notification Document for information about allowed
ports.
Click Save.
Your settings apply to all user-based groups in the Account.
Desktop Web Proxy Configuration Guide
16
WSS 4.4.0-2
Overriding settings at the group level
Overriding settings at the group level
All user-based groups inherit their DWP settings from the Account. You can, however, configure
individual user-based groups to have their own settings based on business requirements.
To override Account settings:
1
Log in to the Web Security Service Management Portal.
2
Open the Groups tab.
3
Locate the user group and click its Edit link.
4
Open the DWP Configuration subtab.
5
Enable Use Group Settings and Apply portal settings to the DWP clients.
The DWP options are now ready for editing. Refer to “DWP Configuration” on page 14
for a description of each option.
6
Save your settings, and repeat for each required user group.
The settings will be applied to the members of the groups when the DWP clients poll the
server every 15 minutes to get updates.
Desktop Web Proxy Configuration Guide
17
WSS 4.4.0-2
2: DWP Configuration
Bypassing the Web Security Service
If there are sites that the Web Security Service cannot resolve and access, you can configure the
DWP to bypass the filtering service and send HTTP requests directly to the sites.
You can bypass filtering using one of these approaches:
•
Bypass both DWP and the Web Security Service so that the browser takes the users
directly to the specified sites. This method takes the highest precedence and uses the
exception list entered into the browser. For convenience, define your lists in the Account’s
or group’s DWP Configuration subtab. After DWP receives this information, DWP
updates the users’ browser exception list.
Browsers have their own syntax for entering multiple items on a list. The Management
Portal requires you to use a single format, but DWP converts the format later to conform
to the browser’s syntax.
•
Use DWP to bypass the Web Security Service if the specified sites are accessed. The
procedure instructs you to enter the sites using a prescribed syntax.
•
Bypass filtering for local (Intranet) sites. This option works with IE browsers only.
Following are examples of browser-defined exception lists on Internet Explorer and Firefox.
Internet Explorer example
Firefox example
Sites to bypass DWP and web filtering
Caution
Be cautious about the URLs you enter in the text boxes, because no filtering and therefore no policy
will be applied when these URLs are accessed. Access to the URLs will not be logged.
Desktop Web Proxy Configuration Guide
18
WSS 4.4.0-2
Bypassing the Web Security Service
To bypass web filtering and enter an exception list in the browser:
1
On the Management Portal, open the DWP Configuration subtab in Edit mode.
2
Verify that Activate DWP on Install is selected:
3
In the Browser Bypass: Browser connects directly to the Internet text box, enter the
sites stored in the browser’s exception list. Use a semicolon to separate the site entries.
DWP converts the syntax into a browser-specific supported format. Both DWP and the
Web Security Service are bypassed for these sites.
4
Verify that the exception list is created in the browser.
To access sites directly using DWP and bypass web filtering:
1
In the DWP Bypass: DWP connects directly to the Internet text box, enter the URLs to
be accessed directly by DWP without going through the Web Security Service. Use one
line per domain. Don’t use IP addresses in place of domain names.
Use this general format:
domainname=DIRECT
Replace domainname with one of these values:
•
The fully qualified notation of the domain, so that the bypass is specific to that domain
•
A partial domain notation, to include subdomains within a domain.
For partial domains or URLs, start your entry with a leading dot (.) to include any
second-level domains within a domain.
The allowed formats are:
maps.google.com=DIRECT
google.com=DIRECT
google=DIRECT
www.google.com=DIRECT
Desktop Web Proxy Configuration Guide
19
WSS 4.4.0-2
2: DWP Configuration
If you accidentally type a forward slash within the entries, the browser session might end.
2
For Internet Explorer browsers only: If you want to bypass filtering for local (Intranet)
sites, select this checkbox:
3
Click Save.
This checkbox on the DWP Configuration subtab updates Internet Explorer’s Proxy server
settings in the LAN Settings dialog:
Authenticating DWP user credentials
The Web Security Service must identify the user’s name to check credentials and associate the user
with the correct web filtering group. To configure an environment that supports DWP, we
recommend using LDAP synchronization and DWP’s automatic user creation feature. Both
methods ensure that the user’s computer and the Web Security Service are synchronized and able
to service the requests from the DWP for user credentials.
Desktop Web Proxy Configuration Guide
20
WSS 4.4.0-2
Enabling automatic user creation
Enabling automatic user creation
If you cannot access your LDAP directory from the Web Security Service or you do not have an
LDAP interface, you can use automatic user account creation.
To enable automatic user creation:
1
Log in to the Web Security Service Management Portal.
2
Open the Accounts page and click Edit.
3
Verify that the setting Enable DWP User Creation is enabled. If not, select it.
The DWP creates user names on the service when the user accesses the Web. Users must
belong to a group, so new DWP users are created in the Default User Group. You can use
the Management Portal to reassign users to other policy-based groups later.
Synchronizing with LDAP
If you use LDAP synchronization to add users to the Web Security Service, the new user names
always match the Windows user names. The DWP identifies the Windows user name of the locally
logged-on user, then requests the Web Security Service for that user’s credentials. Set up one or
more LDAP-enabled groups on the Web Security Service that synchronizes in the appropriate
sAMAccountNames from your environment into the relevant groups. See the Web Security Service
Administrator Guide for details on LDAP-enabled groups.
Users added from LDAP initially have a Pending Activation status on the Users page. After new
users connect via DWP while inside the corporate network, the user status changes to Active.
Desktop Web Proxy Configuration Guide
21
WSS 4.4.0-2
2: DWP Configuration
Setting credentials for mobile users
Mobile users’ credentials are usually created automatically if the users first access the web within
the corporate network. Mobile users whose first access is outside the corporate network enter a
system-generated Authentication Code into the DWP client. The Web Security Service generates
an Authentication Code for each user group.
To use the authentication code:
1
Log in to the Web Security Service Management Portal.
2
Open the Accounts > General Information tab and confirm that the Account is enabled for
DWP user creation.
3
Open the Groups tab.
4
Locate the user group to which the mobile user belongs and click its Edit link.
The General Information subtab opens.
5
Open the Authentication subtab.
6
Verify that Allow Mobile User Access is enabled.
7
Open the DWP Configuration subtab.
a
Verify that the DWP icon is not hidden on the users’ system tray. If you need to clear
this checkbox but it is not editable, select Use Group Settings first.
Desktop Web Proxy Configuration Guide
22
WSS 4.4.0-2
Managing hot spots
The Hide Icon setting applies to all DWP users in the group. You can disable this
setting again later. Hiding the icon from the end user prevents the user from entering
client-specific settings.
b
8
Make note of the read-only Authentication Code; for example:
Communicate with the mobile user:
•
Provide the authentication code from the DWP Configuration tab.
•
Ask the user to right-click on the DWP icon on the system tray and select Credentials
from the menu. In the Authentication Details dialog, type the provided authentication
code in the box as shown.
Caution
Do not let the user change the other settings in Authentication Details. If the user is already
registered on the Web Security Service and Automatic User Name Resolution is enabled on
the Management Portal, the stored credentials will be used to authenticate the user. If
Automatic User Name Resolution is not enabled and the name and password are changed
here, the user will be blocked from Internet access.
This code identifies the Account to which the user belongs, and the DWP creates the user
login and adds the user to the group associated with the Authentication Code. The
credentials are stored on the mobile user’s laptop and used for subsequent Internet access.
Managing hot spots
The Dynamic Hot Spot Management feature allows mobile users to be redirected temporarily to a
hot spot provider’s sign up page and enter billing information.
Desktop Web Proxy Configuration Guide
23
WSS 4.4.0-2
2: DWP Configuration
To configure dynamic hot spot management:
1
To configure for all groups within the Account, display the Accounts tab in Edit mode.
Or
To configure a specific user group:
a
Select the Groups tab.
b
Display the specific group in Edit mode.
2
Select the DWP Configuration subtab.
3
Verify the following settings:
•
If you are editing the Account, ensure that Apply portal settings to the DWP clients
is selected:
Setting for
Account
•
If you are editing a group, ensure that Use Group Settings is selected:,
Setting for
Group
4
Configure the Enable Dynamic Hot Spot Management options:
Hot spot management options
5
Enable Dynamic Hot Spot
Management:
Select this option.
Automatically handles hotspot billing systems. DWP enters
direct mode if it detects that a user’s browser is blocked by a
hotspot. The user is connected to the Web Security Service
when billing or sign-up is complete.
If you enable hot-spot detection, DWP tries to access ports
3128, 8080, 80, and 443 in succession, and uses the first of
those ports that is accessible.
Allow Unsafe Browsing.
Optional.
Editable if Enable Dynamic Hot Spot Management is selected.
Allows users to bypass the Web Security Service to browse the
Internet in hotspot environments where access might be
blocked or re-routed. If not set, DWP opens an error page and
prevents users from browsing the Internet in hotspots.
Click Save.
Desktop Web Proxy Configuration Guide
24
WSS 4.4.0-2
Configuring a proxy automatic configuration (PAC) file
Configuring a proxy automatic configuration (PAC) file
To route traffic directly to web sites without going through the Web Security Service you can use
a proxy automatic configuration (PAC) file.
In a PAC file you configure rules that tell your browser how to make decisions about routing
HTTP requests. Construct the last rule in the PAC file to route all traffic to localhost on a listening
port such as 3128. The port number is dynamically replaced after you configure DWP to do so.
This section describes:
•
Creating the PAC file
•
Specifying the PAC file on the Web Security Service
Creating the PAC file
The Web Security Service provides a PAC file template for you to use with DWP.
To create a PAC file:
1
On the Management Portal, select Resources > Downloads.
2
Select the PAC file for DWP link.
The template opens.
3
Create your PAC file by copying the template’s contents and modify it to suit your
requirements. To go back to the Management Portal, click your browser Back button.
4
Save the PACfile on a web server, or an accessible local or network drive.
5
Continue to “Specifying the PAC file on the Web Security Service” on page 25.
Specifying the PAC file on the Web Security Service
You can specify a single PAC file for the entire account, or specify the PAC file only for a group.
Desktop Web Proxy Configuration Guide
25
WSS 4.4.0-2
2: DWP Configuration
To specify the PAC file:
1
To configure for all groups within the Account, display the Accounts tab in Edit mode.
Or
To configure a specific user group:
a
Select the Groups tab.
b
Display the specific group in Edit mode.
2
Select the DWP Configuration subtab.
3
Verify the following settings:
•
If you are editing the Account, ensure that Apply portal settings to the DWP clients
is selected:
Setting for
Account
•
If you are editing a group, ensure that Use Group Settings is selected:,
Setting for
Group
4
Select the Enable Automatic Configuration Script checkbox and enter the location of
your PAC file (a URL, or a local or network drive).
Note
Firefox browsers cannot parse PAC files if the local path to the file or the DWP username
contains the # character (for example, user#1). In this case, traffic is not filtered.
5
Click Save.
If you are remapping %USERPROFILE% folders to other drives, see “PAC file is
unavailable when user profile folders are remapped” on page 56 for more information.
Logging DWP events and running diagnostics
You can log DWP events for diagnostic purposes. This client-specific setting requires that the
DWP icon is visible on the desktop’s system tray. See “Configuring the DWP logging level” on
page 38 for details.
You run diagnostics on the DWP client. See “Running diagnostics” on page 48 for details.
Desktop Web Proxy Configuration Guide
26
WSS 4.4.0-2
Using Windows’ Group Policy Object (GPO) to configure DWP
Using Windows’ Group Policy Object (GPO) to
configure DWP
If you are experienced with Windows Active Directory and the Group Policy Object editor to
manage configurations, you can use the administrative template (ADM file) that is available from
the Web Security Service Management Portal. This template contains the registry settings required
to update the DWP installations within your Group Policy network.
To use the ADM template:
1
On the Web Security Service Management Portal, open Resources > Downloads.
2
Click ADM File to open the template.
3
Copy the contents and paste into a text editor, then save the file with the .adm extension.
Note
If you have already created ADM files for configuring DWP from the Group Policy Editor,
remove them before continuing to the next steps.
4
Open Active Directory Users and Computers.
5
Create a group policy object or edit an existing one.
6
In the policy, right-click Administrative Templates and select Add/Remove Templates:
The Add/Remove Templates window shows all current ADM files. For example:
Desktop Web Proxy Configuration Guide
27
WSS 4.4.0-2
2: DWP Configuration
7
Click Add, browse to the location where you saved the ADM file, and add it.
The DWP ADM file is added to the list. For example:
8
Close the window.
The Desktop Web Proxy Custom Configuration section appears on the Administrative
Templates list.
9
Select the newly added Desktop Web Proxy Custom Configuration template, then select
View > Filtering:
Desktop Web Proxy Configuration Guide
28
WSS 4.4.0-2
Using Windows’ Group Policy Object (GPO) to configure DWP
10 On the Filtering window, clear the checkbox Only show policy settings that can be fully
managed and click OK.
The GPO Editor window is refreshed with the new settings from the template. The right
pane displays all configurable settings for DWP. The settings are added to two folders:
one containing common settings and another containing user settings.
11 Expand these folders to see the settings:
•
Computer Configuration > Administrative Templates > Desktop Web Proxy
Custom Configuration
This folder displays the common settings.
•
User Configuration > Administrative Templates > Desktop Web Proxy Custom
Configuration
This folder displays user settings.
Desktop Web Proxy Configuration Guide
29
WSS 4.4.0-2
2: DWP Configuration
The settings’ states are initially shown as Not configured as in this example:
The following table maps the options on DWP’s System Configuration window to the user
settings on the GPO Editor. “Entering DWP settings at the Account level” on page 13
describes how the settings are used.
Mapping of DWP settings in System Configuration and GPO Editor windows
System Configuration settings
GPO Editor settings
Proxy Settings:
‰ Address
‰ Port
‰ RemoteProxyServerAddress
‰ RemoteProxyServerPort
Local Proxy Settings
‰ Local Proxy Port
‰ LocalProxyPort
Caching Proxy Settings:
‰ Address
‰ UpstreamProxies
Desktop Web Proxy Configuration Guide
30
WSS 4.4.0-2
Using Windows’ Group Policy Object (GPO) to configure DWP
Mapping of DWP settings (continued)in System Configuration and GPO Editor
System Configuration settings
GPO Editor settings
Connection:
‰ Enable Automatic User Name Resolution
‰ Enable Dynamic Hot Spot Management
‰ Allow Process Port Update
‰ Allow Unsafe Browsing
‰
‰
‰
‰
Automatic Configuration Script
‰ Enable Automatic Configuration
‰ Address
‰ EnableAutoConfigScript
‰ AutoConfigScriptAddress
EnablePrimeLogin
EnableCyberCafeMode
AllowProcessUpdate
AllowUnSafeBrowsing
12 In the user settings folder, leave the UserName setting as is (Not configured).
This ensures that DWP obtains credentials for all users, including mobile users who
connect from outside the corporate network. If you change the setting to Enabled, mobile
users are not authenticated properly and are blocked from Internet access.
13 Right-click the remaining settings to display the Properties window, and select Enabled.
Enabled settings use the default values, which you can modify.
Caution
Do not change the default values for ProcessUploadURL, ConnectionListURL, and
PrimeLoginURL, and CheckUpdateURL. See the following example.
The following example shows the Properties window for an enabled entry whose default
value you must not modify. The dialog displays a reminder for such settings.
This example shows the final settings:
Desktop Web Proxy Configuration Guide
31
WSS 4.4.0-2
2: DWP Configuration
In the example, some settings are disabled because they are disabled by default in DWP. If
you need to use a disabled feature, see To enable a feature that is disabled by default:
To enable a feature that is disabled by default:
1
Open the Properties dialog of a disabled feature.
This is an example of a disabled feature’s Properties dialog:
Desktop Web Proxy Configuration Guide
32
WSS 4.4.0-2
Using Windows’ Group Policy Object (GPO) to configure DWP
The dialog has a checkbox that corresponds to the checkbox in the DWP configuration
window (for details, see the mapping table on page 30).
2
Select the checkbox and click OK.
On the Group Policy Object Editor window, the feature’s state is changed from Disabled
to Enabled.
After the ADM is loaded, the settings are added to the Registry Editor in the folder
HKEY_LOCAL_MACHINE\SOFTWARE\Web Filtering. For 64-bit systems, the registry path is
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Web Filtering.
Refer to “Using a script to automate registry settings” on page 41 for related information.
Desktop Web Proxy Configuration Guide
33
WSS 4.4.0-2
2: DWP Configuration
Desktop Web Proxy Configuration Guide
34
WSS 4.4.0-2
3: Client-Specific Configuration
Topics in this chapter:
` Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 36
` Setting proxy connections . . . . . . . . . . . . . . . . . . . . . . . . . page 36
` Configuring the DWP logging level . . . . . . . . . . . . . . . . . page 38
` Configuring proxy settings for applications . . . . . . . . . . . page 39
` Configuring DWP to use a PAC file . . . . . . . . . . . . . . . . . page 40
` Using a script to automate registry settings . . . . . . . . . . . . page 41
Desktop Web Proxy Configuration Guide
35
WSS 4.4.0-2
3: Client-Specific Configuration
Introduction
The recommended way to configure the Desktop Web Proxy is with the Web Security Service
Management Portal. If necessary, however, you can configure specific DWP clients using the
DWP icon in the system tray:
DWP icon
The DWP icon does not appear in the system tray if DWP was installed in hidden mode.
Note
Ihe procedures in this chapter,apply to individual DWP clients. Client-specific settings are overridden
by updates entered in the Web Security Service Management Portal.
Setting proxy connections
To set proxy connections:
•
You must be logged in to the computer with Windows Administration privileges.
•
The Apply portal settings to the DWP clients option must be disabled at either the
account or group level. See “DWP Configuration” on page 11 for information.
To set proxy connections:
1
Right-click the DWP tray icon.
2
Select System Configurations.
36
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
3: Client-Specific Configuration
The System Configurations dialog opens.
Do not change
this setting
3
Keep the value in the WSSAAS Proxy Settings Address field. This is the address of the
web proxy service that is entered automatically by DWP.
DWP polls all data centers to ensure that they are available. If a data center is not
available, DWP connects to the next one and updates the Address field.
4
Keep the Local Proxy Port default.
This is the local port that listens for web traffic that is routed to the Desktop Web Proxy.
5
If your organization requires all corporate computers to connect to an internal proxy (such
as an ISA server) before connecting to the Internet, specify one or more URLs and
corresponding ports for this internal proxy server in the Caching Proxy Settings section.
Use one of the following formats. Separate the name from the port with a colon, and
separate multiple proxies with a semicolon.
ProxyName:port
or
ProxyName1:port1;ProxyName2:port2;ProxyName3:port3;
Note
With multiple caching proxies, a laptop with DWP installed connects with the available
caching proxy if it is inside the corporate network and if the caching proxy is detected. If the
laptop is outside the corporate network and the caching proxy is not detected, DWP
connects with the Web Security Service.
Desktop Web Proxy Configuration Guide
37
WSS 4.4.0-2
3: Client-Specific Configuration
6
Specify connection settings:
DWP system configuration settings
Enable Automatic User
Name Resolution
Synchronizes the Web Security Service and client user name and
password for users in the corporate network. If a Web Security Service
user name and password are not configured in DWP, DWP requests the
service to generate the credentials and DWP stores them locally. With
this option enabled, passwords are updated automatically if they
change in the service.
Note: This option only works if the request from DWP is from
within your corporate network via the configured IP addresses on
the Web Security Service. If the initial connection to DWP is not
within the network, credentials are not created.
To use this option, your corporate firewall must allow requests on port
80 and 443 directly to the Web Security Service. See your Provisioning
Notification Document for information about allowed ports. If you
want to support mobile users, see “Setting credentials for mobile
users” on page 22 for more information.
Allow Process Port
Update
Uploads process data to the Monitors | Port Monitor tab, to help the
Admin identify rogue applications that are using default ports 80 and
443. See the Web Security Service Administrator Guide for details.
Refer to the Web Security Service Administrator Guide for details.
Enable Dynamic Hotspot Automatically handles hotspot billing systems. DWP enters direct
Management
mode if it detects that a user’s browser is blocked by a hotspot. The
user is connected to the Web Security Service when billing or sign-up
is complete.
If you enable hot-spot detection, DWP tries to access ports 3128, 8080,
80, and 443 in succession, and uses the first of those ports that is
accessible.
Allow Unsafe Browsing
7
Editable if Enable Dynamic Hot Spot Management is selected. Allows
users to bypass the Web Security Service to browse the Internet in
hotspot environments where access might be blocked or re-routed. If
not set, DWP opens an error page and prevents users from browsing
the Internet in hotspots.
Click OK.
Configuring the DWP logging level
DWP logs are available to help you and your service provider diagnose connection problems. The
DWP logging level is configurable only on the client, not on the Management Portal.
Three levels of logging are available:
•
Basic–Logs errors; the default.
•
Medium–Logs errors and warnings.
•
Detailed–Logs messages, errors, and warnings.
38
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
3: Client-Specific Configuration
To change the logging level and to write a log:
1
Hold down the Shift key and right-click the DWP tray icon.
Logging levels
2
Select a logging level.
•
User-specific logs are written to %ALLUSERSPROFILE%\Application
Data\DWP_Webfiltering\<WindowsloginID>.<WindowsDomain>\DesktopWebProxy
_*.log
•
Generic logs are written to %ALLUSERSPROFILE%\Application
Data\DWP_Webfiltering\
The DWP_Webfiltering folder also contains uDWPStarter_CA.log and
uDWPStopper_CA.log, which contain installation information that is not related to
diagnostic logging.
Configuring proxy settings for applications
After configuring the DWP connections, configure the proxy for Internet applications. You can use
the Apply Proxy Setting option in DWP, or configure them in the browser.
To configure proxy settings using DWP:
1
Right-click the DWP tray icon and select Apply Proxy Setting.
2
In the pop-up submenu, select Internet Explorer or Firefox.
A message confirms that the options are set for the browser to connect to DWP.
To configure proxy settings in your browser:
1
Open your browser and access its proxy settings option.
2
Set the host name to localhost and the port to 3128.
Desktop Web Proxy Configuration Guide
39
WSS 4.4.0-2
3: Client-Specific Configuration
This example is for Internet Explorer:
3
To allow access to company intranet sites:
•
In Internet Explorer, select Bypass proxy server for local addresses
•
In Firefox, specify local addresses in the No Proxy For field, separated by commas.
Configuring DWP to use a PAC file
Before continuing with this section, ensure that the proxy auto configuration (PAC) file exists and
is defined in the Web Security Service (see “Configuring a proxy automatic configuration (PAC)
file” on page 25). Then follow the steps in this section to reference the PAC file in DWP.
To configure DWP to use your PAC file:
1
Right-click the DWP tray icon and select System Configurations.
The System Configurations dialog provides two fields for automatic proxy configuration:
2
Select Enable Automatic Configuration to enable PAC file support.
3
Enter the URL of the PAC file’s location in the Address box.
40
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
3: Client-Specific Configuration
The URL address is the one you specified for the PAC file—a web server address, or a
local or network drive. See “Specifying the PAC file on the Web Security Service” on
page 25.
4
Click OK.
5
Restart DWP.
To restart DWP, right-click the DWP icon on the system tray and select Re-start DWP, or
use the Administrative Tools > Services console to restart DWP Local Proxy Service.
After the DWP has restarted, DWP will configure the browsers to start using the PAC file.
Note
If you prefer to enter settings directly into the registry, refer to “Using a script to automate registry
settings” on page 41.
Using a script to automate registry settings
You can use a script to use the automate registry key for a mass rollout of DWP. You can run the
registry editor file directly from a batch login script, or configure it using the Windows Group
Policy editor (see “Using Windows’ Group Policy Object (GPO) to configure DWP” on page 27).
If you make registry changes directly, you must stop and restart DWP.
Caution
Use caution when editing the registry keys. Pay special attention to the information in “User
settings” on page 42 that specifies the keys not to change.
Sample scripts
You can use the sample scripts in this section to update your registry with DWP settings.
DWP settings are stored in these folders:
•
HKEY_LOCAL_MACHINE\SOFTWARE\Web Filtering for settings common to all users on the
system
•
HKEY_CURRENT_USER\Software\Web Filtering\ESTPM\Session Data
for per-user
settings
Common settings
You can use this script for settings that are common to all users:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Web Filtering]
"LoginSessionSetupWait"=dword:0000001e
"EnableAutoApplySettings"=dword:000000b4
"AutoApplySettingsDelay"=dword:00000000
"EnableAutoUpdate"=dword:00000001
"AutoUpdateInterval"=dword:00000007
Desktop Web Proxy Configuration Guide
41
WSS 4.4.0-2
3: Client-Specific Configuration
"Presence"="Present"
These are the common settings:
Key descriptions
LoginSessionSetupWait
The time DWP waits for any login scripts applied for the user.
By default, DWP waits for 180 seconds. You can use up to 300
seconds. Value is DWORD:000000b4
EnableAutoApplySettings
Enables DWP to apply the settings automatically to Internet
Explorer and Firefox. Can be 0 or 1. Default is 1. Value is
DWORD:00000001
AutoApplySettingsDelay
The number of seconds DWP waits before applying the settings
to Internet Explorer and Firefox. This is a work-around to avoid
conflicts with anti-virus software during restarts. Default is 0
and can be up to 300 seconds. Value is DWORD:00000000
EnableAutoUpdate
Configures the DWP to auto-update when the option is enabled
on the Management Portal and a new version is available. Can
be 0 or 1. Default is 1 for Yes. Value is DWORD:00000001
AutoUpdateInterval
The interval in number of days that DWP periodically checks
for updates. Default is the maximum of 7 days and can be
configured from 1–7 days. Value is DWORD:00000007
Presence
Configures DWP availability. Values are:
• Present–DWP icon appears in the system tray (default).
• Admin–DWP options are accessible only using administrator
logins.
• Cloaked–DWP options are hidden.
User settings
You can use this script for individual user settings:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Web Filtering\ESTPM\Session Data]
"UserName"=""
"Password"=hex:
"ProcessUploadURL"="/webfilter/services/processlist.php"
"ConnectionListURL"="/webfilter/services/connectionlist.php"
"PrimeLoginURL"="/webfilter/services/webreq.php"
"CheckUpdateURL"="/webfilter/services/update.php"
"ServiceURL"="http://dwp.ws.wssaas.com”
"RemoteProxyServerAddress"="wg.wrproxy.com"
"RemoteProxyServerPort"="3128"
"LocalProxyPort"="3128"
"ConnectionList"=""
"ObtainedPrimingURLs"=dword:00000001
42
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
3: Client-Specific Configuration
"EnablePrimeLogin"=dword:00000001
"EnableCyberCafeMode"=dword:00000000
"AllowProcessUpdate"=dword:00000000
"AllowUnSafeBrowsing"=dword:00000000
"UpstreamProxies"=""
"LoggingLevel"="errors"
"EnableAutoConfigScript"=dword:00000000
"AutoConfigScriptAddress"=""
These are the user settings:
Key descriptions
UserName
Always leave blank. DWP gets this from the Web Security
Service.
Password
Always leave blank. DWP gets this from the Web Security
Service.
ProcessUploadURL
Use the value in the sample script. Do not change this value.
ConnectionListURL
Use the value in the sample script. Do not change this value.
PrimeLoginURL
Use the value in the sample script. Do not change this value.
CheckUpdateURL
Use the value in the sample script. Do not change this value.
ServiceURL
Use the value in the sample script.
Determines the URL of the Web Security Service Management
Portal (as listed in the PND). This is usually not an editable
field; in all other cases, it is populated automatically.
RemoteProxyServerAddress The proxy server address that specifies the location of the Web
Security Service proxy. You can use the value in the sample
script , or ask your provider if another remote proxy server
address is appropriate for your location.
RemoteProxyServerPort
The proxy server port address that specifies the listening port of
the Web Security Service. Use either 3128 or 8080.
Default is 3128.
LocalProxyPort
Any available port number between 1025 and 65535 is
allowed, but DWP manages this value and prefers 3128, so
there is no need to change it.
Default is 3128.
ConnectionList
Leave blank. DWP polls the Web Security Service every 15
minutes for entries from the Accounts > DWP Configuration
subtab.
ObtainedPrimingURLs
If you provied the options RemoteProxyServerAddress,
ServiceURL, and RemoteProxyServerPort on the script,
use the value of 1; otherwise, use 0 so that DWP will configure.
Default value: dword:00000001
Desktop Web Proxy Configuration Guide
43
WSS 4.4.0-2
3: Client-Specific Configuration
Key descriptions (continued)
EnablePrimeLogin
Enables or disables the Automatic User Name Resolution
feature. Specify 1 to enable or 0 to disable. The recommended
setting is 1.
Default value: dword:00000001
EnableCyberCafeMode
Enables or disables the Dynamic Hotspot Management feature.
Specify 1 to enable or 0 to disable.
Default value: dword:00000000
AllowProcessUpdate
Enables or disables the Process on Port Update feature. Specify
1 to enable or 0 to disable.
Default value: dword:00000000
AllowUnSafeBrowsing
Enables or disables the Allows Unsafe Browsing feature.
Specify 1 to enable or 0 to disable.
Default value: dword:00000000
UpstreamProxie
One or more address:port entries of internal proxy servers,
if your organization requires that web traffic goes to those
servers (such as ISA servers).
Separate the URL and port with a colon, and separate multiple
proxies with a semicolon. For example:
proxyname:port
or
proxyname1:port1;proxyname2:port2;proxyname3:port3
LoggingLevel
Specifies the type of information to be logged.
Default: “errors”
Values are:
• "errors" = Logs errors only.
• "errors_warnings" = Logs errors and warnings.
• "everything" = Logs information, errors, and warnings.
See “Configuring the DWP logging level” on page 38 for more
information.
EnableAutoConfigScript
Specifies to use the PAC file located in
AutoConfigScriptAddress. Specify 1 to enable and 0 to
disable. If you specify 1, the option
AutoConfigScriptAddress must have a value.
Default value: dword:00000000
AutoConfigScriptAddress
The URL to the PAC file, provided on the Management Portal
Resources tab.
44
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
4: Troubleshooting
This chapter provides DWP troubleshooting tips. If you are unable to resolve issues after referring
to this information, contact Technical Support.
Topics in this chapter:
` FAQs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 46
` Viewing running processes . . . . . . . . . . . . . . . . . . . . . . . . page 47
` Running diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 48
` Using the DWP Latency Tester . . . . . . . . . . . . . . . . . . . . . page 49
` Using DWP Network Packet Capture . . . . . . . . . . . . . . . . page 52
` Error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 55
` PAC file is unavailable when user profile folders are remapped page 56
Desktop Web Proxy Configuration Guide
45
WSS 4.4.0-2
4: Troubleshooting
FAQs
Why won’t the DWP automatically resolve a user name and password?
If DWP won’t resolve a user name and password:
•
Check your firewall. Ensure that your organizational firewall allows access to port 80,
443, and 3128 to the IP address range detailed on your Provisioning Notification
Document. This access allows the DWP to issue commands to the Web Security Service to
resolve the credentials.
•
Select the Enable Automatic User Name Resolution option from the DWP System
Configurations menu. See “DWP Configuration” on page 14.
•
Ensure that the user name exists on the Web Security Service or that Enable DWP User
Creation is enabled for the Account. Synchronize the user names directly from your
LDAP directory, or enable DWP to create users on demand. See “Enabling the Account to
use DWP” on page 12.
•
Confirm that the DWP is operating inside your configured IP range. You can only resolve
a user name from within your IP range, which is configured on your account in the
Management Portal. If DWP tries to resolve the user name and password outside the
configured IP range, it will fail and you must add it manually. When it is resolved, it
remains cached.
I see this web page popup: “You are connecting from a location that
requires you to logon.”
This message usually means that the DWP was unable to resolve the user name and password for
the user. See the troubleshooting tips for Why won’t the DWP automatically resolve a user name
and password?.
I already have the Internet Explorer plug-in version 1.0 installed. Do I still
need it?
No. The DWP replaces the Internet Explorer plug-in. After you install DWP, uninstall the Internet
Explorer plug-in using the Add/ Remove programs console in Windows.
Why do I occasionally see the notification, “Connecting to the Internet
Directly” when connection to the Web Security Service isn't available?
You see this message if the Dynamic Hotspot Management option is set in the DWP System
Configurations menu, and your browser is blocked by a hotspot. Dynamic Hot Spot Management
enables mobile users to be redirected temporarily to a hotspot provider’s sign-up page to enter
billing information. When billing or sign-up is complete, the connection is routed through the Web
Security Service again. You might also see this message if no network is available when you turn
on your computer. The Dynamic Hotspot Management option should only be enabled on
computers that are used for mobile access.
46
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
How do I enable the DWP to work for dial-up connections and VPNs?
How do I enable the DWP to work for dial-up connections and VPNs?
In Internet Explorer:
1
Open the Tools menu, select Internet Options, and open the Connections tab.
The text box labeled Dial-up and Virtual Private Network Settings lists additional
connections.
2
Select the connection on which to enable DWP and click Settings.
A dialog opens for you to configure the DWP proxy settings, which are usually the
address localhost and the port number 3128.
Does the DWP support Fast User Switching on Windows XP?
Yes, DWP supports Fast User Switching.
Viewing running processes
You can use the DWP menu to see each process that has tried to use port 80 (HTTP) or port 443
(HTTPS) to communicate.
To see which HTTP/ HTTPS applications are running on a machine:
1
Right-click the DWP icon in the system tray.
2
Select List HTTP/HTTPS Processes.
This example shows process details:
3
Review any processes that show 80 or 443 in the Port column and configure them to route
HTTP traffic via DWP.
Processes that are correctly configured display Managed in the Port column.
Desktop Web Proxy Configuration Guide
47
WSS 4.4.0-2
4: Troubleshooting
Running diagnostics
You can perform a diagnostic test that reads your current DWP settings and logs DWP activity into
a file. If you need help troubleshooting diagnostics logs, send the file to Technical Support.
To run diagnostics:
1
Hold down the Ctrl key and right-click the DWP tray icon.
2
Select Run Diagnostics from the pop-up menu.
The DWP Diagnostics window opens.
3
Click Start.
The DWP Diagnostics window shows the current state of the DWP.
4
Scroll down to view the captured events, including request and response strings, and the
results.
The diagnostics results are written to the DWP_Diagnostics.dat file and stored in this
location:
%ALLUSERSPROFILE%\Application Data\DWP_Webfiltering\<WindowsloginID>
Every time you run diagnostics, the latest information is appended to the file.
Note
The Copy to Clipboard option is available from the Diagnostics window. Select this option
to paste the diagnostics data from the current session into a text editor and save it to a file.
You still have DWP_Diagnostics.dat, which was generated when you clicked Start.
5
Click Done to close the window.
48
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Using the DWP Latency Tester
Using the DWP Latency Tester
The DWP Latency Tester gathers latency data for use by Technical Support in troubleshooting
connection problems. You only need to use this tool at the request of Technical Support.
The Latency Tester is integrated with the DWP Network Packet Capture tool. When you start a
latency test, DWP creates a folder named DWP_Pcaps and begins capturing packets from active
adapters. The packet capture stops automatically when the test completes. See “Using DWP
Network Packet Capture” on page 52 for details.
The Latency Tester connects to a default set of web sites, which are identified in the file
latcheck.conf.xml. The default set of sites is based on the location of the system you’re testing:
System Location
Default Sites to Test
United States
•
•
•
•
•
•
•
www.yahoo.com
www.chase.com
www.bankofamerica.com
www.united.com
www.yelp.com
www.cnn.com
www.stanford.com
United Kingdom/EMEA
•
•
•
•
•
•
•
uk.yahoo.com
www.lloydsbankinggroup.com
www.bbc.co.uk
www.britishairways.com
www.thetimes.co.uk
www.ox.ac.uk
www.squaremeal.co.uk
Australia
•
•
•
•
•
•
•
au.yahoo.com
www.eatability.com.au
www.qantas.com.au
www.abc.net.au
www.commbank.com.au
www.heraldsun.com.au
www.uws.edu.au
You can modify the latcheck.conf.xml file to add or delete web sites as appropriate for your
system. The file is installed with DWP in C:\Program Files\Web Security Service\Desktop
Web Proxy\latcheck.conf.xml.
Note
If you modify latcheck.conf.xml, change only the default troubleshooting sites.
The Latency Tester reads latcheck.conf.xml and connects twice to each site listed—once
directly, and once through the DWP. The tester connects to each set of sites three times, and
records this information:
•
the time it takes to connect directly
•
the time it takes to connect through the proxy
Desktop Web Proxy Configuration Guide
49
WSS 4.4.0-2
4: Troubleshooting
•
the latency difference on each pass
•
the average latency difference from the three passes.
The DWPLatencyTest.txt file contains the results of the test.
Latency Check Run 1....
Resource requested
Time Direct
Time Proxy
Diff (TP - TD)
-----------------------------------------------------------------------http://www.yahoo.com/
297ms
500ms
203ms
https://www.chase.com/
843ms
01s:157ms
314ms
https://www.bankofamer... 375ms
656ms
281ms
http://www.united.com/
375ms
422ms
47ms
http://www.yelp.com/
12s:875ms
02s:484ms
-10s:391ms
http://www.cnn.com/
625ms
969ms
344ms
http://www.stanford.com/ 47ms
109ms
62ms
-----------------------------------------------------------------------Latency Check Run 2....
Resource requested
Time Direct
Time Proxy
Diff (TP - TD)
-----------------------------------------------------------------------http://www.yahoo.com/
313ms
406ms
93ms
https://www.chase.com/
797ms
672ms
-125ms
. . .
Average diff - latency while using proxy vs going direct
-----------------------------------------Resource requested
Average Diff
-----------------------------------------http://www.yahoo.com/
395ms
https://www.chase.com/
94ms
https://www.bankofamer...
20ms
http://www.united.com/
77ms
http://www.yelp.com/
-05s:463ms
http://www.cnn.com/
364ms
http://www.stanford.com/
62ms
-----------------------------------------
50
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Using the DWP Latency Tester
To run the Latency Tester:
1
Hold down the Ctrl key and right-click the DWP tray icon.
2
Select Latency Test from the pop-up menu.
The Latency Tester window opens, with the path to your desktop selected. The desktop is
the default output path.
3
Click Start to accept the default folder, or Browse to another folder and click Start.
When the test is complete, the output file DWPLatencyTest.txt is available on your
desktop or other location you specified.
4
Click Send Email to Support in the Latency Tester dialog to send the output file to
technical support for help with troubleshooting.
The Latency Tester opens your default email client using the support email address, and
identifies the locations of the results of the latency test and packet capture:
5
Attach the DWPLatencyTest.txt and the files in the DWP_Pcaps folder to the email and
send them to support.
Desktop Web Proxy Configuration Guide
51
WSS 4.4.0-2
4: Troubleshooting
Using DWP Network Packet Capture
DWP Network Packet Capture gathers data from all active adapters, for use in troubleshooting
network problems. For example, Network Packet Capture gathers data for each network interface
card that is sending information.
You only need to use this tool at the request of Technical Support.
The DWP Latency Tester also gathers network packet data—see “Using the DWP Latency Tester”
on page 49 for information
Each time a capture runs it creates the DWP_Pcaps folder on the desktop. The DWP_Pcaps folder
contains a folder for each capture that is run. The capture folders are identified by the date and
time of the capture—for example, 06-06-2011_12-55.
Note
Although each capture creates one capture file for each adapter on the machine, only the files for
active adapters contain data. The other files contain only 24 bytes of header information and no data.
The capture folders contain two types of files:
•
A .pcap file for each adapter located, identifying the data packets that have been sent over
the network.
•
The file AdapterNames.txt, which identifies the adapter traffic.
Printing the device list:
1. rpcap://\Device\WPRO_41_2001_GenericDialupAdapter
(Network adapter 'Adapter for generic dialup and VPN capture'
on local host)
2. rpcap://
\Device\WPRO_41_2001_{65914B87-711E-4CC1-A3C6-9DDC0B6C623B}
(Network adapter 'NETGEAR WN121T Wireless USB 2.0 Adapter
(Microsoft's Packet Scheduler) ' on local host)
3. rpcap://
\Device\WPRO_41_2001_{E20B9819-0295-4437-B4E7-44124FD22FCA}
(Network adapter 'VMware Virtual Ethernet Adapter' on local
host)
4. rpcap://
\Device\WPRO_41_2001_{471741F2-E04C-4C95-A8FF-DEF73B68DDC2}
(Network adapter 'VMware Virtual Ethernet Adapter' on local
host)
5. rpcap://
\Device\WPRO_41_2001_{2502296A-06AB-40E6-AD14-DB0DF60D1E2E}
(Network adapter 'Realtek 10/100/1000 Ethernet NIC
(Microsoft's Packet Scheduler) ' on local host)
To run DWP Network Packet Capture:
1
Hold down the Ctrl key and right-click the DWP tray icon.
2
Select Network Packet Capture from the pop-up menu.
52
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Using DWP Network Packet Capture
The Network Packet Capture window opens with the path to your desktop selected. The
desktop is the default output path.
3
Click Start Capture to accept the default folder, or Browse to another folder and click
Start Capture.
4
Click Close to hide the window.
A notification bubble opens over the DWP icon periodically, reminding you that the
capture is running:
Note
We recommend that you run DWP packet capture for only as long as it takes you to recreate
the problem. This keeps file sizes to a minimum and makes it easier to identify problems.
5
When you have captured enough data to recreate the problem you’re troubleshooting, Ctrl/
right-click the DWP icon to open the Network Packet Capture window and click Stop
Capture.
The capture results are available in the DWP_Pcaps folder on your desktop or other
specified location. The folder is identified by the date and time of the capture. The
DWP_Pcaps folder contains one folder for each capture, which contains a .pcap file for
each adapter found, and the AdapterNames.txt file. For example:
Desktop Web Proxy Configuration Guide
53
WSS 4.4.0-2
4: Troubleshooting
Note
Contact technical support to determine the best way to send the .pcap files to them.
These files are very large.
54
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Error messages
Error messages
If the Desktop Web Proxy is not configured properly, the user may see one of these errors when
trying to browse the Internet:
•
DNS Lookup Failed. This message appears if the user typed the wrong URL, if the
upstream proxy server name provided is not correct in the DWP configuration, or the Web
Security Service server name is not correct in the DWP configuration. The message will
indicate the host name which was not resolved.
•
Cannot Load The Web Page. This message appears if connection to the Internet is lost,
the web site is currently unavailable, the computer may be offline, or the Web Security
Service cannot be contacted.
•
Web Security Disabled By External Environment. This message appears if DWP’s
Allow Unsafe Browsing option is disabled, and the user is in a hotspot where Internet
access is blocked or re-routed (not going through DWP).
•
Failed To Make Direct Connection To Server. This message appears if connection to the
Internet is lost or the web site is currently unavailable. The message will indicate the host
name which was not resolved.
Desktop Web Proxy Configuration Guide
55
WSS 4.4.0-2
4: Troubleshooting
PAC file is unavailable when user profile
folders are remapped
DWP is unable to create local PAC files for users when the \%USERPROFILE%\ folders are mapped
to a network drive. This is because upon startup, DWP applies settings to the browser, and
download and save the PAC file. However, the GPO takes some time to map the folders and
drives. As a result, DWP applies the settings and stores the PAC file to the default profile before
the GPO has completed the mapping of the network location to the user profile. This makes the
settings and PAC file unavailable to the user. To resolve this, introduce a slight delay, usually a few
seconds, so that DWP waits until GPO has completed its mapping. Then DWP can continue
applying settings and saving the PAC file to the remapped user profile.
To enter a time delay:
1
In the Registry, go to the DWP settings:
HKEY_LOCAL_MACHINE\SOFTWARE\Web Filtering
2
Enter a value in seconds for AutoApplySettingsDelay to something greater than 0. Use
the lowest possible time delay that will work for you. For example, start with 30 and adjust
as required.
56
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2
Index
Symbols
. 41
A
ADM template, 27
allow unsafe browsing 38
B
browser, unlocking proxy settings 56
browsers, supported, 2
bypassing, Web filtering, 18
C
configuration
browser setting, 39
Group Policy Object (GPO) editor, using, 27
proxy connection settings, 36
scripting, 41
using the DWP client 35
using the management portal 12
Customer support, ii
D
Desktop Web Proxy (DWP)
caching proxies, 15
hotspots, 16
name resolution, 16
PAC file, 15
L
Latency Tester 48
logging levels, diagnostic data, 38
M
monitor port 80 and 443 usage 38
MSI parameters, for use with hidden installation, 5
N
Network Packet Capture 51
P
PCAP 51
processes, DWP, viewing, 47
proxy
unlocking browser settings 56
proxy automatic configuration (PAC) file, using with
DWP, 40
R
registry keys, for DWP configuration, 41
S
silent installation, 4
support, ii
G
Group Policy Object (GPO)
configuring with, 27
installing with, 7
T
Technical support, ii
troubleshooting
error messages 55
FAQs 45
Latency Tester 48
Network Packet Capture 51
PAC file unavailable 56
running diagnostics 48
viewing running processes 47
H
hotspot management, 38
U
unlocking browser proxy settings 56
I
installation
hidden 5
individual desktops, 4
invisible 5
multiple stations, 4
with GPO, 7
Internet Explorer, downloading issue and
workaround, 3
W
Web Security Service settings
basic configuration requirements, 12
bypassing Web filtering, 18
E
enable automatic user name resolution 38
Desktop Web Proxy Configuration Guide
57
WSS 4.4.0-2
58
Desktop Web Proxy Configuration Guide
WSS 4.4.0-2