Solved

Proxy Settings for Laptop Users with Group Policy

Posted on 2004-09-09
8
11,894 Views
Last Modified: 2011-02-08
I'm trying to deploy a new proxy server into IE settings via Group Policy over our 2000 domain.

My question regards laptop users who go home at night and, of course, need to be able to connect to the Internet from there as well as in the office.

I need to figure out a way to remove those settings when a given machine isn't connected locally to our network and then reapplies them when they plug back in.

I assume that this is common enough that there'd have to be a solution -- any ideas?
0
Comment
Question by:titan6400
8 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12018333
simplest way is to give them their Proxy settings Via DHCP - then when they are at home they wont get them :)

modify your DHCP scope and add option 252 (proxy settings)
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 225 total points
ID: 12018337
I have a lot of users like this as well, you don't need to remove  the settings at all,

just put a check in the box (with policy if you need to) that says "Automatically detect settings" in the proxy settings pane at the top. as well as your autoconfig settings.  (put a check in both boxes)

if IEr can get out to the internet cloud directly, it will,  if it needs to use the proxy server, it will find it.

Tanelorn
0
 
LVL 1

Expert Comment

by:sync957p
ID: 12018491
We have a different aproach in our company.

Since we don't want the users messing around settings in the OS we restrict almost everything in the active directory, so they always have the desired settings.

For home use we create a local user account with power user privileges. That user always loads the same IE settings so we/he only needs to set it once.

I've also done different things in the past , like creating 2 hardware profiles for choice in startup.

Another approach was using a cool commercial app called Symantec Mobile Essentials (not shure if its still for sale) wich is
a software that allows a user to have lots of network configs and change between them with just some clicks.
0
 

Expert Comment

by:imes
ID: 13815969
We have just been trying to overcome the same issue and resolved it as follows.

You must remove any proxy settings from your group policy in order to use these autoconfiguration settings, except for the "automatically detect settings" checkbox in LAN settings of browser.
Create a DNS entry on internal DNS server so that wpad is mapped to the internal IP of an internal webserver
Downloaded a sample pac file. Edited for our proxy and renamed file to wpad.dat
Put file in the root directory of the internal web server C:\inetpub\wwwroot
On website properties, add in wpad.dat as a file in the documents tab
On HTTP headers tab click MIME types button and add in .dat as an extension with application/x-ns-proxy-autoconfig set as the MIME type.

Below is an example .pac file

function FindProxyForURL(url, host)
  {
    if (isResolvable(host))
      return "DIRECT";
    else
      return "PROXY proxyserver:80";
  }


Finally, within Windows DHCP, added option 252 for wpad to give a value of http://wpad.internaldnsdomainname/wpad.dat in DHCP scope

The script tells the browser to try and resolve the DNS name of the website internally and if so then go direct or if not then go via proxy.

We would prefer to do this using the cisco 3550 series switch allocating the DHCP options but couldn't get this working for some reason. Only works using Windows DHCP. If anyone can offer information on DHCP setup for Cisco 3550 switch for option 252 it would be most appreciated. We tried using ASCii for the setting.

Now when a laptop is off the LAN it doesn't get a DHCP address and automatically detects internet settings without proxy.




0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Expert Comment

by:gbisker
ID: 14097499
Pete,

I like your approach the best, in theory.  However, I need more detail.

Do you add 252 as a string in the form 'ip.ip.ip.ip:port'?

That's what I tried, it makes some sense to me, but it seemed to do nothing.

Thanks!
0
 

Expert Comment

by:imes
ID: 14104030
I think Pete may have been describing wpad as well but apologies if he's not.

If he was,
You must use http://wpad.your_internal_dns_domainname/wpad.dat in option 252 when using windows dhcp.
When the client then tries to access an external website it goes to the internal IIS website where your wpad script is and loads the script which tells it to go via a proxy server. It is the script that determines the proxy settings, not the dhcp option. The dhcp option merely points to the internal website that you have set up for wpad.
In your internal dns for the domain you must have an entry for wpad which points to the IP of your internal website with the wpad file

Alternatively you can point your option 252 to ISA server rather than set up a website to do this.

We managed to get it working on the cisco using option 114 (URL code) and it's been fine since. It doesn't work on the cisco with option 252.

Hope this is clearer.
Good luck.
0
 

Expert Comment

by:kstr79
ID: 14929018
I have a VBScript that cahnges the proxy settings through regedits and is a much simpler approach than the above. Of course user intervention is required but it works nonetheless. Although, You may be able to automate it to run through the use of a GPO.

VBScript Begin:

Const HKCU=&H80000001 'HKEY_CURRENT_USER
Const HKLM=&H80000002 'HKEY_LOCAL_MACHINE

Const REG_SZ=1
Const REG_EXPAND_SZ=2
Const REG_BINARY=3
Const REG_DWORD=4
Const REG_MULTI_SZ=7

Const HKCU_IE_PROXY = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"

Set oReg=GetObject("winmgmts:!root/default:StdRegProv")

Main

Sub Main()

strProxyServer = "HEM001SYMGATE00:8002"
strProxyOveride = "<local>"
strENV = GetValue(HKCU,HKCU_IE_PROXY,"ProxyEnable",REG_DWORD)
strENS = GetValue(HKCU,HKCU_IE_PROXY,"ProxyServer",REG_SZ)
strENL = Len(GetValue(HKCU,HKCU_IE_PROXY,"ProxyServer",REG_SZ))

If strENV = 1 and strENL > 0 Then      'If Proxy is set then turn it off
CreateValue HKCU,HKCU_IE_PROXY,"ProxyServer",strProxyServer,REG_SZ
CreateValue HKCU,HKCU_IE_PROXY,"ProxyEnable",0,REG_DWORD
CreateValue HKCU,HKCU_IE_PROXY,"ProxyOverride",strProxyOveride,REG_SZ
KillProcess "Explorer.exe"
wscript.echo "Proxy Disabled"

ElseIf strENV = 0 Then                  'If Proxy is not set then turn it on
CreateValue HKCU,HKCU_IE_PROXY,"ProxyServer",strProxyServer,REG_SZ
CreateValue HKCU,HKCU_IE_PROXY,"ProxyEnable",1,REG_DWORD
CreateValue HKCU,HKCU_IE_PROXY,"ProxyOverride",strProxyOveride,REG_SZ
KillProcess "Explorer.exe"
wscript.echo "Proxy Enabled" & vbcrlf & "(" & strProxyServer & ")"

Else      'Proxy Settings not affected
wscript.echo "Proxy Settings not affected"
End If

End Sub

Function CreateValue(Key,SubKey,ValueName,Value,KeyType)
Select Case KeyType
Case REG_SZ
CreateValue = oReg.SetStringValue(Key,SubKey,ValueName,Value)
Case REG_EXPAND_SZ
CreateValue = oReg.SetExpandedStringValue(Key,SubKey,ValueName,Value)
Case REG_BINARY
CreateValue = oReg.SetBinaryValue(Key,SubKey,ValueName,Value)
Case REG_DWORD
CreateValue = oReg.SetDWORDValue(Key,SubKey,ValueName,Value)
Case REG_MULTI_SZ
CreateValue = oReg.SetMultiStringValue(Key,SubKey,ValueName,Value)
End Select
End Function

Function DeleteValue(Key, SubKey, ValueName)
DeleteValue = oReg.DeleteValue(Key,SubKey,ValueName)
End Function

Function GetValue(Key, SubKey, ValueName, KeyType)

Dim Ret

Select Case KeyType
Case REG_SZ
oReg.GetStringValue Key, SubKey, ValueName, Value
Ret = Value
Case REG_EXPAND_SZ
oReg.GetExpandedStringValue Key, SubKey, ValueName, Value
Ret = Value
Case REG_BINARY
oReg.GetBinaryValue Key, SubKey, ValueName, Value
Ret = Value
Case REG_DWORD
oReg.GetDWORDValue Key, SubKey, ValueName, Value
Ret = Value
Case REG_MULTI_SZ
oReg.GetMultiStringValue Key, SubKey, ValueName, Value
Ret = Value
End Select

GetValue = Ret

End Function

Function KillProcess (ProcessName)
' Kill a process

Set objWMIService = GetObject("winmgmts:")
Set colProcesses = objWMIService.ExecQuery ("SELECT * FROM Win32_Process WHERE Name='" & ProcessName & "'")
For Each objProcess In colProcesses
intRet = objProcess.Terminate

Next

End Function

:VBScript End
0
 
LVL 1

Expert Comment

by:senmohan
ID: 22591533
we are using proxy server for internet. now who all are logging to the domain will get the proxy setting automatically this is done thought user conf rgroup policy. now i have issue with the laptop users. when they connect to home or hotel network they can't access the internet because of the internal proxy server and user dont have permission to uncheck  the proxy server option. so when they connect to another network other than office they should get the automatically detect settings. when they connect to office network proxy server setting has to get.

please help me to get this done using group policy !!! i need to enable proxy server for desktop. and automatically detect setting for laptop. policy has to be applied under computer account ( not with user).
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Find out what the Office 365 disclaimer function is, why you would use it and its limited ability to create Office 365 signatures.
This video discusses moving either the default database or any database to a new volume.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now