How can I proxy Windows Update from a subnet without internet access?

Mark Kennedy 0 Reputation points
2024-08-29T13:01:31.5266667+00:00

I have a number of Windows 11 desktops running on a restricted subnet with no general internet access. I want to be able to invoke 'Windows Update' on them. There is a bastion server with two network interfaces - one on the restricted subnet and the other on a subnet with internet access. The bastion server is running Apache httpd and is capable of proxying HTTPS requests. The bastion server does not act as an IP router in any way. Is there a way to allow Windows Update to proceed via an HTTPS proxy? Or is the only alternative to allow some kind of restricted IP routing?


1 answer

  1. Kabir Bello 0 Reputation points
    2024-08-30T01:08:55.87+00:00

    To configure your Windows 11 desktops to use the bastion server as an HTTPS proxy for Windows Update without enabling IP routing:

    1. Configure the Proxy on the Bastion Server:
      • Ensure Apache httpd is set up to proxy HTTPS requests. You can add the following configuration to your Apache httpd configuration file (httpd.conf or apache2.conf):

             <VirtualHost *:443>
                 ProxyRequests On
                 ProxyVia On
                 <Proxy *>
                     Require all granted
                 </Proxy>
                 ProxyPass / https://windowsupdate.microsoft.com/
                 ProxyPassReverse / https://windowsupdate.microsoft.com/
             </VirtualHost>

    2. Set Proxy Settings on Windows 11 Desktops:
      • Open Command Prompt as an administrator.
      • Use the netsh command to set the proxy settings for Windows Update:
        
             netsh winhttp set proxy proxy-server="http=your_bastion_server:port;https=your_bastion_server:port"
        
        
    3. Verify Proxy Settings:
      • You can check the current proxy settings with:
        
             netsh winhttp show proxy
        
        
    4. Test Windows Update:
      • Run Windows Update on one of the desktops to ensure it can connect through the proxy.

    This setup will allow your Windows 11 desktops to use the bastion server as an HTTPS proxy for Windows Update without the need to enable IP routing.

    If you have any issues, you may need to adjust your firewall rules to allow traffic between the desktops and the bastion server on the specified ports.

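With `ProxyRequests On`, a `<Proxy *>` block containing `Require all granted` lets any host that can reach the listener relay through it, so a forward proxy on a dual-homed bastion is normally bound to the inside interface and limited to the client subnet. The following is an added example, not part of the answer above, of such a configuration; the addresses 10.20.0.10 and 10.20.0.0/24, port 3128, the module paths and the log file names are placeholders assumed for illustration.

```apache
# Added example: forward proxy usable by the restricted subnet only.
# 10.20.0.10 (bastion's inside interface), 10.20.0.0/24 (client subnet)
# and port 3128 are placeholders, not values from the page.

# Module paths vary by distribution; adjust to the local layout.
LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_http_module    modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

# Bind to the inside interface only, so the proxy is not reachable
# from the internet-facing side of the bastion.
Listen 10.20.0.10:3128

<VirtualHost 10.20.0.10:3128>
    # Forward-proxy mode: the client names the destination itself
    # (absolute-URI GET for http, CONNECT for https), so no
    # ProxyPass/ProxyPassReverse mapping is used here.
    ProxyRequests On
    ProxyVia On

    # HTTPS is tunnelled with CONNECT; permit tunnels to port 443 only.
    AllowCONNECT 443

    # Weak form:      Require all granted   (open proxy)
    # Corrected form: only the restricted subnet may relay.
    <Proxy "*">
        Require ip 10.20.0.0/24
    </Proxy>

    # Record which client relayed which request, for later review.
    ErrorLog  logs/wu-proxy-error.log
    CustomLog logs/wu-proxy-access.log "%h %t \"%r\" %>s %b"
</VirtualHost>
```

The `netsh winhttp set proxy` value on the desktops would then point at the same inside address and port. Further narrowing by destination hostname is not shown here.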
