Windows-itpro-docs: WPAD required?
We have been told by a PFE that WPAD has to be enabled in order for WDAG to work. We were also recommended by our security auditors to turn off WPAD for security reasons. Can we get some more clarification within the documentation? Thanks!
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 5f43df7b-6ead-de5a-2e41-4d49978ab485
- Version Independent ID: 5497d300-cb21-55f3-7e80-98bc3592635c
- Content: System requirements for Windows Defender Application Guard (Windows 10)
- Content Source: windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
- Product: w10
- GitHub Login: @Justinha
- Microsoft Alias: justinha
sneakernuts
All 13 comments
@sneakernuts I'm not familiar with WPAD. Is It Web Proxy Auto Discovery?
Justinha
on 20 Mar 2019
@Justinha that's correct.
sneakernuts
on 20 Mar 2019
@sneakernuts App Guard does not have any dependency on WPAD. Correct me if i'm missing this but whether to turn on or off WPAD for security seems like an issue to cover in WPAD docs. Let me know what you want to see added with respect t WDAG system requirements.
Justinha
on 20 Mar 2019
What's what we thought. Until we disabled it. WDAG stops working until we re-enable WPAD. According to our PFE from our support call it needs WPAD. Here's what they said verbatim:
"The WinHTTP Web Proxy Auto-Discovery Service is required for the functionality of WDAG and other inbox services. As such, stopping or disabling this service is not supported."
sneakernuts
on 20 Mar 2019
Ok thanks Otto. I wasn't aware but I've asked engineering to comment.
Justinha
on 21 Mar 2019
Thanks for looking into this!
sneakernuts
on 21 Mar 2019
I would also like to know an answer to this. Currently working on this feature with a customer and this might be a blocker in their deployment.
ermacia91
on 21 Mar 2019
@sneakernuts @ermacia91 here is what I learned:
The actual service itself cannot be disabled. If you disable the service a lot of things will break.
However, you can disable WPAD without disabling the service at Settings > Network & Internet > Proxy > Automatically detect settings (turn it off).
This registry key work to disable system accounts on devices running Windows 10 version 1809 or later:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
DisableWpad=1 (DWORD)
With these settings WDAG will work.
Thanks very much for raising this guys! I'll add this to the system requirements.
Justinha
on 22 Mar 2019
This is great. Thanks @JustinHa
Appreciate it.
sneakernuts
on 22 Mar 2019
Have one more question. What’s the solution for disabling WPAD on machines that are Windows 10 1709 & 1803?
sneakernuts
on 22 Mar 2019
@officedocsbot assign @e0i
e0i
on 9 May 2019
@Justinha
Any updates with including WPAD as a software dependency in this article?
We would like to assist with content updates if needed.
Thank you.
e0i
on 9 May 2019
Closing as the original issue question has been answered.
e0i
on 3 Jul 2019
Related issues
sundhaug92
·
3Comments
arcotek-ltd
·
3Comments
iadgovuser1
·
3Comments
RAJU2529
·
3Comments
KamilSzafarczyk
·
3Comments
Most helpful comment
@sneakernuts @ermacia91 here is what I learned:
The actual service itself cannot be disabled. If you disable the service a lot of things will break.
However, you can disable WPAD without disabling the service at Settings > Network & Internet > Proxy > Automatically detect settings (turn it off).
This registry key work to disable system accounts on devices running Windows 10 version 1809 or later:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
DisableWpad=1 (DWORD)
With these settings WDAG will work.
Thanks very much for raising this guys! I'll add this to the system requirements.