Want to globally set IEs "Do not use proxy server for addresses beginning with...".


We have a LAN with around 80 workstations. Some are laptops brought in from home. Home users may or may not have broadband.
We are using MS Server 2003 with Active Directory.
We have MS ISA Proxy Server on the gateway server with NTLM authentication.
We have other web servers on the LAN hosting multiple sites.
The domain name is BlueBottle (not really).
The websites are names like salesops.bluebottle, accounts.bluebottle, kpi.bluebottle, etc.
There are also dev.x and test.x variants of these sites (dev.salesops.bluebottle, test.salesops.bluebottle). Dev is for the development, test is for pre-release of new features and no specific prefix is the live version.
The sites do not all have their own IP address or web server. Sites share the web server.
We are NOT using IIS.
Workstations are configured to use the proxy server for all requests.
The "Bypass proxy server for local addresses" is set.
The "Exceptions - Do not use proxy server for addresses beginning with:" box is empty.
The IP address for all the sites is on the same subnet as the domain. All machines on the network have an IP address from 10.0.0.x
We have DNS records set for the sites to point to a specific address.
The sites are intranet sites only. They are NOT for external access (i.e. only locally tethered users are allowed access).

If a user goes to a site (say salesop.bluebottle), there is a significant delay. If I enter salesop.bluebottle in the "Do not use proxy server for addresses beginning with ...", then the site loads up a LOT faster.

I think the "Bypass proxy server for local addresses" doesn't do anything.

Also, the only way the web server scripts get the clients IP address is to have the site name in the list of exceptions ("Do not use proxy server for addresses beginning with ...").

So - the questions.

1 - What changes would you recommend?
2 - How would these changes be implemented globally? I do NOT want to have to visit every pc or have to set settings on new pcs as they arrive, and I want to stop the users from altering these settings once made.
3 - Am I missing out on something?
4 - Will these settings affect users who plug their notebooks into their home broadband (or even dialup) connection?

I am NOT a sysop, but everyone here thinks I'm the person who should fix this. Gee! Thanks!

This is a small issue with me putting a lot of words into it. Please be nice.

Thanks in advance,

Richard Quadling.
LVL 40
Richard QuadlingSenior Software DeveloperAsked:
Who is Participating?
"Is there a way to view all the policies in place?"

Yes there is. Download (if you don't already have it) the GPMC (group policy management console)...this thing will make your life much easier when it comes to managing group policy :)


Also, on a client, you can run gpresult.exe to see what policies are applied and what ones have been filtered out. The RSOP tool is similar, but gives a bit more info as well:

If you just want to set the following: "Do not use proxy server for addresses beginning with ...").

Then use group policy to do this for your entire domain all at one time which will also lock users out of changing it while on the domain.

Are you at all familar with group policy?

The setting(s) you want are under:

user config- windows settings- IE Maintainence- connection- proxy settings
Richard QuadlingSenior Software DeveloperAuthor Commented:
That's what I thought.

I opened Active Directory Users and Computers.
Right clicked my domain and chose properties.
Chose the Group Policy tab.
Chose Default Domain Policy.
Chose Edit.
User Config -> Windows Settings -> IE Maintenance -> Connection -> Proxy Settings.
Exceptions -> Do not use proxy server for addresses that start = 10.0.0.*;*.bluebottle
Do not use proxy server for local (intranet) addresses = ticked.

The exceptions value is the same as my machine (which I did manually). Leave it in, it works, take it out HUGE delay and no IP tracking.

Got some users to reboot. Their IE has not changed.

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Richard QuadlingSenior Software DeveloperAuthor Commented:

Found that the users I got to reboot belong to a group. The group policy for that group was set to block inheritence and no override.

Gee. Who ever set this up made it REALLY hard.

Is there a way to view all the policies in place? This is what the root of the problem is for me here I think. (I only started in August and as a programmer, not the sysop - who went to Australia in November and decided not to come back! Oh how I would like to thank him!).

Rich RumbleSecurity SamuraiCommented:
You can use scripts to do this also, you can have them check to see if these settings are set to the value you want, and if not then set them again
If you know the registry key this set's you can use a script to set that easily

Also some great example scripts here:
Richard QuadlingSenior Software DeveloperAuthor Commented:
Oh! That RSoP program is EXCELLENT!!!!


This is great news.

I've got enough here now to tell the IT manager what we need to do.

THank you!!!!!!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.