Using powershell behind a proxy server

Using Powershell behind a proxy server can cause a number of headaches when working with hybrid Office 365 environments, or pretty much any other external resources and you’re behind a proxy server.

First up, check if there is already a proxy set in Powershell (Run it as an administrator or you won’t be allowed to write the variables).

netsh winhttp show proxy

This will show if you have a proxy set or if you’re using a direct internet connection.  Now, if this shows direct, and you know you’re using a proxy server AND cannot get external access in Powershell you can try one of the following options to set your proxy details.  If you already get external access, what are you doing here? if you already have proxy settings showing from the above command and can’t access external resources you can try the following too.

Import the settings in use by IE, this works if a proxy server is set and not a pac (autoconfiguration) file.

netsh winhttp import proxy source=ie

If you see a message showing your proxy server, port and any bypass addresses you have set in your Internet Options here, it’s probably worked and you can test your access to external resources.

If you see a return message stating Direct Access, you’re probably not using the proxy server URL field so lets move on…. do you access the internet using an AutoConfiguration (.pac) file? if so you need to get the address of the pac file from your Internet Options – Connections – Lan Settings – Proxy AutoConfig Address. and should look something like:

local pac file accessed on port 9000

http://127.0.0.1:9000/proxysettings.pac

or hosted pac file accessed on port 80

http://pac.inter.net/proxy.pac

note down the IP address and port number or hostname and port number.

and import the information into PowerShell (I’ll use the local IP for my example but remember to replace all values with your own).

netsh winhttp set proxy="127.0.0.1:9000"

After executing, PowerShell returns information that my proxy server is now set as intended above but will show a blank bypass list, so I can now get external access (try opening a session to external resources, it should work) but as the pac file is not parsed or referenced in the above gateway we need a way to tell the system to ignore certain addresses and go direct. Denoted by the second part of the command as below.

netsh winhttp set proxy="127.0.0.1:9000" "10.*,172.*,192.168.*"

Job done, you can now try to access both internal and external resources via PowerShell.

Remember, if you are behind a proxy server you may hit errors with SSL certificates and such, these can usually be dealt with by adding the URL to an SSL bypass list in the proxy console (or asking an admin to do so).  There are other ways to import the certificate provided by your proxy server for SSL interception, bypass SSL scanning at the application level etc. but those are posts for another day.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *