Solved

Proxy Server settings from W2K domain policy

Posted on 2004-09-07
10
236 Views
Last Modified: 2010-03-18
We use W2K AD domain policy to set our IE proxy server settings. Until recently we use ISA Server 2000 locally on one of our servers, but have now changed to an off site url for the proxy. Most of the time users log on and get the correct settings, but sometimes the old settings reappear! I have uninstalled the ISA Server software so where can this be coming from?

We don't have "automatically detect" enabled. Sometimes you can untick the incorrect proxy settings, reboot, and it comes good, but sometimes everthing is greyed out and we have to use regedit to clear out the incorrect settings. All the DC servers are synced and all have the correct settings so I'm baffled as to where the wrong settings are coming from !!
0
Comment
Question by:proneill
  • 4
  • 4
10 Comments
 
LVL 11

Expert Comment

by:Eric
Comment Utility
hmm.. try making a policy disable the old policy , then have a policy later enable it.  I think once all clients are switched over it will be corrected.
Its not spiratic on the same pc's is it?  

also what if you forward the DNS to the extrnal host
0
 

Author Comment

by:proneill
Comment Utility
Thanks for your response. Not sure how I would make a policy to disable - it only allows for enabling in the GP Proxy Settings.

I don't know what spiratic means but on the same pc it can be ok on one user's logon but not another.

Our dns is internal except for our web site and mail settings which are done on an external host. I can't make any changes to this setup
0
 

Author Comment

by:proneill
Comment Utility
I've just realised what you probably mean - put the settings so that there's no proxy, then later re-enable it. I'll give this a try!
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
hehe I spell wrong because I say things wrong.

spiratic=sporadic  :D

meaning... does it work sometimes with the same user, and not other times.

also try putting a logon script in the problematic GPO.

make it say

net send "yourcomputername" %username% GPO success on %computername%


it will give you a popup window on your pc if the script is executing.  Or simply put a pause in it, so it will stay visable.

and you can confirm its running

IE:

@echo Applied GPO Test
@echo If you see this message the client has successfuly applied GPO "GPO Name"
pause



Just ideas for troubleshooting.  
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 11

Expert Comment

by:Eric
Comment Utility
Bah....
did my suggestion work?
0
 

Author Comment

by:proneill
Comment Utility
Had to pay Microsoft to investigate this one. Turned out to be a synch error on one of the DCs
0
 
LVL 11

Expert Comment

by:Eric
Comment Utility
ahh.. been there.

Were you able to repair it or did they make you reload the servers?

They tried to get me to reload, but I said no, then suddenly they came up with a solution :)
0
 

Accepted Solution

by:
modulo earned 0 total points
Comment Utility
PAQed with points refunded (250)

modulo
Community Support Moderator
0
 

Author Comment

by:proneill
Comment Utility
This was the gist of the registry hack:

HKey Local Machine\System\CurrentControlSet\Services\NTFRS\Parameters\Backup\Restore\ProcessatStartup. If there is not an entry forBurflags create one, edit, menu,new dword value, Burflags, OK. If there is one, r-click, modify, type d2 in value data box, OK.

The net stop NTFRS, net start NTFRS.
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This video discusses moving either the default database or any database to a new volume.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now