Additional Windows proxy configuration
The following sections detail additional ways you might configure the Windows proxy outside of the user interface.
To stop a Windows proxy from the appliance command line
tw_terminate_winproxy utility, located in the
$TIDEWAY/bin/ directory, sends a terminate request to the Windows proxy. To use the utility, you must have the
discovery/slave/write permission. When the utility successfully sends a terminate request to a Windows proxy, an audit event is logged. The audit event is called
windows_proxy_process_terminate and contains the name of the Windows proxy that the terminate request was sent to.
When using the utility, you must always specify a Windows proxy and a user name. If you do not specify a password, you are prompted for one.
Running proxy as unpriviliged user
If a Windows proxy is not running as either the Local System account or as a member of the Administrators group, tw_terminate_winproxy does not stop the Windows proxy. The following error is logged in the Windows proxy log file:
ERROR: Failed to terminate slave service: [(5, 'OpenSCManager', 'Access is denied.')]
Workaround: Allow the user that the Windows proxy is running to stop the service. For more information, see the Microsoft Support Site.
For more information about the utility and the command line options, see tw_terminate_winproxy.
Windows proxy platform minimum specification
The following specification provides a guide to the minimum recommended specification for the Windows proxy hardware. This specification has been verified on Microsoft Windows 2003 Service Pack 2:
3GHz Intel Pentium® 4 CPU 512k Cache
SMBv1 client not installed by default on later versions of Windows
On Windows Server 1709 and Window 10 version 1709 and later, the SMBv1 client is not installed by default. This prevents the proxy from being able to fully discover old versions of Windows that only support SMBv1 (Windows 2003 and earlier). The following error is logged in the proxy worker log file:
RemQueryException: You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
Your system requires SMB2 or higher. For more info on resolving this issue, see: https://go.microsoft.com/fwlink/?linkid=852747 (0x00000180)
The SMBv1 client can be installed on the proxy host by following the Microsoft link above.