forums.wsusoffline.net

[Mortimer]

I am using WSUS Offline Update in an environment where the machine running the Update Generator is a development domain, which connects to the Internet via a corporate network domain. There is no trust relationship between the two, which means that authentication with the corporate proxy servers using a corporate domain ID is required.

This is possible using the current "Proxy..." button, but the setting remains there once set, and worse... it is in clear text. We have to be very careful to remember to go into the tool and delete the proxy password from the set up once the generator has finished its work.

I have a suggestion:

Can the proxy set up be changed so that should authentication be required, a one-time authentication dialogue is displayed by the Update Generator, which is used for the session, and completely forgotten when the application is exited?

[WSUSUpdateAdmin]

Hi and welcome, Mortimer,

I'll think about a solution for your requirement.

Regards
Torsten Wittrock

[Mortimer]

That sounds great, I shall look forward to seeing any developments.

[WSUSUpdateAdmin]

Hi!

I just looked around and found a likely approach to a solution for your security requirement: http://dokuwiki.pcfreak.de/doku.php?id=public:windows:wgetproxy
It uses another utility named "cntlm" to compute your NTLM password hash, which you can save to an INI file to avoid plain text storage of your proxy password.

Does this satisfy your wishes?

Regards
Torsten Wittrock

[WSUSUpdateAdmin]

Well, I've implemented a better solution, see http://trac.wsusoffline.net/browser/trunk (r370).
RTW

[Mortimer]

Sorry I haven't returned earlier. It is certainly better than before, as at least there is a way to have any password hidden, and forgotten when the application is terminated.

There are a couple of suggestions for the future:

(1) Can the same be done for the user name, so depending on who logs into the server to the WSUS Offline update, they can simply enter their own domain credentials. At the moment each user would still need to edit the Proxy settings of the WSUS updater to put their user name in there.

(2) Can anything be done to parse the entries in a more friendly way:
At the moment I have to enter a user name in the form domain_name\user.name. We also have to use complex passwords, which may include characters that cannot be used in a URL. As the proxy settings are URLs, the "\" character between the domain and user names has to be entered as "%5C". In my case my password contains spaces, so each space has to be replaced by "%20". If I forget to do this, I simply get a download error, or unable to resolve proxy host.

Anyway, good work so far! Thanks.

[Mortimer]

Is there any chance the parsing of proxy passwords can be improved to remove the need to enter spaces as %20 and so on?

[WSUSUpdateAdmin]

Yes, there is: http://trac.wsusoffline.net/browser/trunk (r469).
Thanks & Regards
T. Wittrock

[Mortimer]

Brilliant! Thanks!