Proxy Settings for Laptop Users with Group Policy

I'm trying to deploy a new proxy server into IE settings via Group Policy over our 2000 domain.

My question regards laptop users who go home at night and, of course, need to be able to connect to the Internet from there as well as in the office.

I need to figure out a way to remove those settings when a given machine isn't connected locally to our network and then reapplies them when they plug back in.

I assume that this is common enough that there'd have to be a solution -- any ideas?
Who is Participating?
tanelornConnect With a Mentor Commented:
I have a lot of users like this as well, you don't need to remove  the settings at all,

just put a check in the box (with policy if you need to) that says "Automatically detect settings" in the proxy settings pane at the top. as well as your autoconfig settings.  (put a check in both boxes)

if IEr can get out to the internet cloud directly, it will,  if it needs to use the proxy server, it will find it.

Pete LongTechnical ConsultantCommented:
simplest way is to give them their Proxy settings Via DHCP - then when they are at home they wont get them :)

modify your DHCP scope and add option 252 (proxy settings)
We have a different aproach in our company.

Since we don't want the users messing around settings in the OS we restrict almost everything in the active directory, so they always have the desired settings.

For home use we create a local user account with power user privileges. That user always loads the same IE settings so we/he only needs to set it once.

I've also done different things in the past , like creating 2 hardware profiles for choice in startup.

Another approach was using a cool commercial app called Symantec Mobile Essentials (not shure if its still for sale) wich is
a software that allows a user to have lots of network configs and change between them with just some clicks.
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

We have just been trying to overcome the same issue and resolved it as follows.

You must remove any proxy settings from your group policy in order to use these autoconfiguration settings, except for the "automatically detect settings" checkbox in LAN settings of browser.
Create a DNS entry on internal DNS server so that wpad is mapped to the internal IP of an internal webserver
Downloaded a sample pac file. Edited for our proxy and renamed file to wpad.dat
Put file in the root directory of the internal web server C:\inetpub\wwwroot
On website properties, add in wpad.dat as a file in the documents tab
On HTTP headers tab click MIME types button and add in .dat as an extension with application/x-ns-proxy-autoconfig set as the MIME type.

Below is an example .pac file

function FindProxyForURL(url, host)
    if (isResolvable(host))
      return "DIRECT";
      return "PROXY proxyserver:80";

Finally, within Windows DHCP, added option 252 for wpad to give a value of http://wpad.internaldnsdomainname/wpad.dat in DHCP scope

The script tells the browser to try and resolve the DNS name of the website internally and if so then go direct or if not then go via proxy.

We would prefer to do this using the cisco 3550 series switch allocating the DHCP options but couldn't get this working for some reason. Only works using Windows DHCP. If anyone can offer information on DHCP setup for Cisco 3550 switch for option 252 it would be most appreciated. We tried using ASCii for the setting.

Now when a laptop is off the LAN it doesn't get a DHCP address and automatically detects internet settings without proxy.


I like your approach the best, in theory.  However, I need more detail.

Do you add 252 as a string in the form 'ip.ip.ip.ip:port'?

That's what I tried, it makes some sense to me, but it seemed to do nothing.

I think Pete may have been describing wpad as well but apologies if he's not.

If he was,
You must use http://wpad.your_internal_dns_domainname/wpad.dat in option 252 when using windows dhcp.
When the client then tries to access an external website it goes to the internal IIS website where your wpad script is and loads the script which tells it to go via a proxy server. It is the script that determines the proxy settings, not the dhcp option. The dhcp option merely points to the internal website that you have set up for wpad.
In your internal dns for the domain you must have an entry for wpad which points to the IP of your internal website with the wpad file

Alternatively you can point your option 252 to ISA server rather than set up a website to do this.

We managed to get it working on the cisco using option 114 (URL code) and it's been fine since. It doesn't work on the cisco with option 252.

Hope this is clearer.
Good luck.
I have a VBScript that cahnges the proxy settings through regedits and is a much simpler approach than the above. Of course user intervention is required but it works nonetheless. Although, You may be able to automate it to run through the use of a GPO.

VBScript Begin:


Const REG_SZ=1

Const HKCU_IE_PROXY = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"

Set oReg=GetObject("winmgmts:!root/default:StdRegProv")


Sub Main()

strProxyServer = "HEM001SYMGATE00:8002"
strProxyOveride = "<local>"
strENV = GetValue(HKCU,HKCU_IE_PROXY,"ProxyEnable",REG_DWORD)
strENS = GetValue(HKCU,HKCU_IE_PROXY,"ProxyServer",REG_SZ)
strENL = Len(GetValue(HKCU,HKCU_IE_PROXY,"ProxyServer",REG_SZ))

If strENV = 1 and strENL > 0 Then      'If Proxy is set then turn it off
CreateValue HKCU,HKCU_IE_PROXY,"ProxyServer",strProxyServer,REG_SZ
CreateValue HKCU,HKCU_IE_PROXY,"ProxyEnable",0,REG_DWORD
CreateValue HKCU,HKCU_IE_PROXY,"ProxyOverride",strProxyOveride,REG_SZ
KillProcess "Explorer.exe"
wscript.echo "Proxy Disabled"

ElseIf strENV = 0 Then                  'If Proxy is not set then turn it on
CreateValue HKCU,HKCU_IE_PROXY,"ProxyServer",strProxyServer,REG_SZ
CreateValue HKCU,HKCU_IE_PROXY,"ProxyEnable",1,REG_DWORD
CreateValue HKCU,HKCU_IE_PROXY,"ProxyOverride",strProxyOveride,REG_SZ
KillProcess "Explorer.exe"
wscript.echo "Proxy Enabled" & vbcrlf & "(" & strProxyServer & ")"

Else      'Proxy Settings not affected
wscript.echo "Proxy Settings not affected"
End If

End Sub

Function CreateValue(Key,SubKey,ValueName,Value,KeyType)
Select Case KeyType
CreateValue = oReg.SetStringValue(Key,SubKey,ValueName,Value)
CreateValue = oReg.SetExpandedStringValue(Key,SubKey,ValueName,Value)
CreateValue = oReg.SetBinaryValue(Key,SubKey,ValueName,Value)
CreateValue = oReg.SetDWORDValue(Key,SubKey,ValueName,Value)
CreateValue = oReg.SetMultiStringValue(Key,SubKey,ValueName,Value)
End Select
End Function

Function DeleteValue(Key, SubKey, ValueName)
DeleteValue = oReg.DeleteValue(Key,SubKey,ValueName)
End Function

Function GetValue(Key, SubKey, ValueName, KeyType)

Dim Ret

Select Case KeyType
oReg.GetStringValue Key, SubKey, ValueName, Value
Ret = Value
oReg.GetExpandedStringValue Key, SubKey, ValueName, Value
Ret = Value
oReg.GetBinaryValue Key, SubKey, ValueName, Value
Ret = Value
oReg.GetDWORDValue Key, SubKey, ValueName, Value
Ret = Value
oReg.GetMultiStringValue Key, SubKey, ValueName, Value
Ret = Value
End Select

GetValue = Ret

End Function

Function KillProcess (ProcessName)
' Kill a process

Set objWMIService = GetObject("winmgmts:")
Set colProcesses = objWMIService.ExecQuery ("SELECT * FROM Win32_Process WHERE Name='" & ProcessName & "'")
For Each objProcess In colProcesses
intRet = objProcess.Terminate


End Function

:VBScript End
we are using proxy server for internet. now who all are logging to the domain will get the proxy setting automatically this is done thought user conf rgroup policy. now i have issue with the laptop users. when they connect to home or hotel network they can't access the internet because of the internal proxy server and user dont have permission to uncheck  the proxy server option. so when they connect to another network other than office they should get the automatically detect settings. when they connect to office network proxy server setting has to get.

please help me to get this done using group policy !!! i need to enable proxy server for desktop. and automatically detect setting for laptop. policy has to be applied under computer account ( not with user).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.