Solved

Proxy Settings for Laptop Users with Group Policy

Posted on 2004-09-09
Last Modified: 2011-02-08
I'm trying to deploy a new proxy server into IE settings via Group Policy over our 2000 domain.

My question regards laptop users who go home at night and, of course, need to be able to connect to the Internet from there as well as in the office.

I need to figure out a way to remove those settings when a given machine isn't connected locally to our network and then reapply them when they plug back in.

I assume that this is common enough that there'd have to be a solution -- any ideas?
0
Question by:titan6400
8 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12018333
Simplest way is to give them their proxy settings via DHCP - then when they are at home they won't get them :)

modify your DHCP scope and add option 252 (proxy settings)
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 225 total points
ID: 12018337
I have a lot of users like this as well; you don't need to remove the settings at all.

Just put a check in the box (with policy if you need to) that says "Automatically detect settings" in the proxy settings pane at the top, as well as your autoconfig settings (put a check in both boxes).

If IE can get out to the internet cloud directly, it will; if it needs to use the proxy server, it will find it.

Tanelorn
0
 
LVL 1

Expert Comment

by:sync957p
ID: 12018491
We have a different approach in our company.

Since we don't want the users messing around with settings in the OS, we restrict almost everything in the Active Directory, so they always have the desired settings.

For home use we create a local user account with power user privileges. That user always loads the same IE settings so we/he only needs to set it once.

I've also done different things in the past, like creating 2 hardware profiles to choose from at startup.

Another approach was using a cool commercial app called Symantec Mobile Essentials (not sure if it's still for sale), which is software that allows a user to have lots of network configs and change between them with just some clicks.
0
 

Expert Comment

by:imes
ID: 13815969
We have just been trying to overcome the same issue and resolved it as follows.

You must remove any proxy settings from your group policy in order to use these autoconfiguration settings, except for the "automatically detect settings" checkbox in LAN settings of browser.
Create a DNS entry on internal DNS server so that wpad is mapped to the internal IP of an internal webserver
Downloaded a sample pac file. Edited for our proxy and renamed file to wpad.dat
Put file in the root directory of the internal web server C:\inetpub\wwwroot
On website properties, add in wpad.dat as a file in the documents tab
On HTTP headers tab click MIME types button and add in .dat as an extension with application/x-ns-proxy-autoconfig set as the MIME type.

Below is an example .pac file

function FindProxyForURL(url, host)
  {
    if (isResolvable(host))
      return "DIRECT";
    else
      return "PROXY proxyserver:80";
  }


Finally, within Windows DHCP, added option 252 for wpad to give a value of http://wpad.internaldnsdomainname/wpad.dat in DHCP scope

The script tells the browser to try and resolve the DNS name of the website internally and if so then go direct or if not then go via proxy.

We would prefer to do this using the Cisco 3550 series switch allocating the DHCP options but couldn't get this working for some reason. It only works using Windows DHCP. If anyone can offer information on DHCP setup for the Cisco 3550 switch for option 252 it would be most appreciated. We tried using ASCII for the setting.

Now when a laptop is off the LAN it doesn't get a DHCP address and automatically detects internet settings without proxy.




0

 

Expert Comment

by:gbisker
ID: 14097499
Pete,

I like your approach the best, in theory.  However, I need more detail.

Do you add 252 as a string in the form 'ip.ip.ip.ip:port'?

That's what I tried, it makes some sense to me, but it seemed to do nothing.

Thanks!
0
 

Expert Comment

by:imes
ID: 14104030
I think Pete may have been describing wpad as well but apologies if he's not.

If he was,
You must use http://wpad.your_internal_dns_domainname/wpad.dat in option 252 when using windows dhcp.
When the client then tries to access an external website it goes to the internal IIS website where your wpad script is and loads the script which tells it to go via a proxy server. It is the script that determines the proxy settings, not the dhcp option. The dhcp option merely points to the internal website that you have set up for wpad.
In your internal dns for the domain you must have an entry for wpad which points to the IP of your internal website with the wpad file

Alternatively you can point your option 252 to ISA server rather than set up a website to do this.

We managed to get it working on the cisco using option 114 (URL code) and it's been fine since. It doesn't work on the cisco with option 252.

Hope this is clearer.
Good luck.
0
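The setup imes describes in both posts (option 252 pointing at a wpad.dat URL, with the script making the proxy decision) can be checked offline. This is an added example, not code from the thread: it validates the shape of an option 252 value and runs the posted PAC against a stubbed `isResolvable`, showing that its result depends on which names the client's DNS resolves. The `corp.example` names, the allowlist and the function names are assumptions.

```javascript
// PAC text from the thread ("proxyserver" is the thread's own placeholder name).
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isResolvable(host)) return "DIRECT";
  else return "PROXY proxyserver:80";
}`;

// DHCP option 252 carries the URL of the PAC file, not a proxy "ip:port" string.
function checkOption252(value) {
  if (/^\d{1,3}(\.\d{1,3}){3}:\d+$/.test(value)) return "not a URL (looks like ip:port)";
  let u;
  try { u = new URL(value); } catch (e) { return "not a URL"; }
  if (u.protocol !== "http:") return "unexpected scheme " + u.protocol;
  if (!u.pathname.endsWith("/wpad.dat")) return "path is not wpad.dat";
  return "ok";
}

// Compile the PAC with a stubbed isResolvable so no real DNS lookups happen.
// new Function is not a sandbox: evaluate only PAC text you have already read.
function loadPac(pacSource, resolvableHosts) {
  const isResolvable = (host) => resolvableHosts.has(host);
  return new Function("isResolvable", pacSource + "\nreturn FindProxyForURL;")(isResolvable);
}

// Run the PAC over test hosts; list each decision and any proxy not on the allowlist.
function auditPac(pacSource, resolvableHosts, testHosts, allowedProxies) {
  const find = loadPac(pacSource, new Set(resolvableHosts));
  return testHosts.map((host) => {
    const decision = find("http://" + host + "/", host);
    const rogue = decision.split(";")
      .map((s) => s.trim())
      .filter((s) => s.startsWith("PROXY "))
      .map((s) => s.slice(6).trim())
      .filter((p) => !allowedProxies.includes(p));
    return { host, decision, rogue };
  });
}

const HOSTS = ["intranet.corp.example", "www.example.org"]; // constructed test hosts
const ALLOWED = ["proxyserver:80"];
// Client DNS resolves internal names only: external hosts are sent to the proxy.
const internalOnly = auditPac(SAMPLE_PAC, ["intranet.corp.example"], HOSTS, ALLOWED);
// Client DNS also resolves external names: the same PAC returns DIRECT for everything.
const resolvesAll = auditPac(SAMPLE_PAC, HOSTS, HOSTS, ALLOWED);
console.log(checkOption252("http://wpad.corp.example/wpad.dat"), internalOnly, resolvesAll);
```

A non-empty `rogue` list for any test host means the PAC being served names a proxy you did not expect.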
 

Expert Comment

by:kstr79
ID: 14929018
I have a VBScript that changes the proxy settings through regedits and is a much simpler approach than the above. Of course user intervention is required but it works nonetheless. Although, you may be able to automate it to run through the use of a GPO.

VBScript Begin:

Const HKCU=&H80000001 'HKEY_CURRENT_USER
Const HKLM=&H80000002 'HKEY_LOCAL_MACHINE

' Registry value types
Const REG_SZ=1
Const REG_EXPAND_SZ=2
Const REG_BINARY=3
Const REG_DWORD=4
Const REG_MULTI_SZ=7

Const HKCU_IE_PROXY = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"

' WMI registry provider used for every read and write below
Set oReg=GetObject("winmgmts:!root/default:StdRegProv")

Main

Sub Main()

    strProxyServer = "HEM001SYMGATE00:8002"
    strProxyOveride = "<local>"
    ' Current per-user proxy state
    strENV = GetValue(HKCU,HKCU_IE_PROXY,"ProxyEnable",REG_DWORD)
    strENS = GetValue(HKCU,HKCU_IE_PROXY,"ProxyServer",REG_SZ)
    strENL = Len(GetValue(HKCU,HKCU_IE_PROXY,"ProxyServer",REG_SZ))

    If strENV = 1 and strENL > 0 Then      'If Proxy is set then turn it off
        CreateValue HKCU,HKCU_IE_PROXY,"ProxyServer",strProxyServer,REG_SZ
        CreateValue HKCU,HKCU_IE_PROXY,"ProxyEnable",0,REG_DWORD
        CreateValue HKCU,HKCU_IE_PROXY,"ProxyOverride",strProxyOveride,REG_SZ
        KillProcess "Explorer.exe"
        wscript.echo "Proxy Disabled"

    ElseIf strENV = 0 Then                  'If Proxy is not set then turn it on
        CreateValue HKCU,HKCU_IE_PROXY,"ProxyServer",strProxyServer,REG_SZ
        CreateValue HKCU,HKCU_IE_PROXY,"ProxyEnable",1,REG_DWORD
        CreateValue HKCU,HKCU_IE_PROXY,"ProxyOverride",strProxyOveride,REG_SZ
        KillProcess "Explorer.exe"
        wscript.echo "Proxy Enabled" & vbcrlf & "(" & strProxyServer & ")"

    Else      'Proxy Settings not affected
        wscript.echo "Proxy Settings not affected"
    End If

End Sub

' Write a registry value using the setter that matches its type
Function CreateValue(Key,SubKey,ValueName,Value,KeyType)
    Select Case KeyType
        Case REG_SZ
            CreateValue = oReg.SetStringValue(Key,SubKey,ValueName,Value)
        Case REG_EXPAND_SZ
            CreateValue = oReg.SetExpandedStringValue(Key,SubKey,ValueName,Value)
        Case REG_BINARY
            CreateValue = oReg.SetBinaryValue(Key,SubKey,ValueName,Value)
        Case REG_DWORD
            CreateValue = oReg.SetDWORDValue(Key,SubKey,ValueName,Value)
        Case REG_MULTI_SZ
            CreateValue = oReg.SetMultiStringValue(Key,SubKey,ValueName,Value)
    End Select
End Function

Function DeleteValue(Key, SubKey, ValueName)
    DeleteValue = oReg.DeleteValue(Key,SubKey,ValueName)
End Function

' Read a registry value using the getter that matches its type
Function GetValue(Key, SubKey, ValueName, KeyType)

    Dim Ret

    Select Case KeyType
        Case REG_SZ
            oReg.GetStringValue Key, SubKey, ValueName, Value
            Ret = Value
        Case REG_EXPAND_SZ
            oReg.GetExpandedStringValue Key, SubKey, ValueName, Value
            Ret = Value
        Case REG_BINARY
            oReg.GetBinaryValue Key, SubKey, ValueName, Value
            Ret = Value
        Case REG_DWORD
            oReg.GetDWORDValue Key, SubKey, ValueName, Value
            Ret = Value
        Case REG_MULTI_SZ
            oReg.GetMultiStringValue Key, SubKey, ValueName, Value
            Ret = Value
    End Select

    GetValue = Ret

End Function

Function KillProcess (ProcessName)
    ' Kill a process (terminates every running instance with this name)

    Set objWMIService = GetObject("winmgmts:")
    Set colProcesses = objWMIService.ExecQuery ("SELECT * FROM Win32_Process WHERE Name='" & ProcessName & "'")
    For Each objProcess In colProcesses
        intRet = objProcess.Terminate
    Next

End Function

:VBScript End
0
 
LVL 1

Expert Comment

by:senmohan
ID: 22591533
We are using a proxy server for internet. Now everyone who logs on to the domain gets the proxy setting automatically; this is done through user conf group policy. Now I have an issue with the laptop users. When they connect to a home or hotel network they can't access the internet because of the internal proxy server, and users don't have permission to uncheck the proxy server option. So when they connect to a network other than the office one they should get the automatically detect settings. When they connect to the office network they have to get the proxy server setting.

Please help me to get this done using group policy !!! I need to enable the proxy server for desktops and automatically detect settings for laptops. The policy has to be applied under the computer account (not with the user).
0
