Want to globally set IEs "Do not use proxy server for addresses beginning with...".

Posted on 2005-04-07
Last Modified: 2013-12-04

We have a LAN with around 80 workstations. Some are laptops brought in from home. Home users may or may not have broadband.
We are using MS Server 2003 with Active Directory.
We have MS ISA Proxy Server on the gateway server with NTLM authentication.
We have other web servers on the LAN hosting multiple sites.
The domain name is BlueBottle (not really).
The websites are names like salesops.bluebottle, accounts.bluebottle, kpi.bluebottle, etc.
There are also dev.x and test.x variants of these sites (dev.salesops.bluebottle, test.salesops.bluebottle). Dev is for the development, test is for pre-release of new features and no specific prefix is the live version.
The sites do not all have their own IP address or web server. Sites share the web server.
We are NOT using IIS.
Workstations are configured to use the proxy server for all requests.
The "Bypass proxy server for local addresses" is set.
The "Exceptions - Do not use proxy server for addresses beginning with:" box is empty.
The IP address for all the sites is on the same subnet as the domain. All machines on the network have an IP address from 10.0.0.x
We have DNS records set for the sites to point to a specific address.
The sites are intranet sites only. They are NOT for external access (i.e. only locally tethered users are allowed access).

If a user goes to a site (say salesop.bluebottle), there is a significant delay. If I enter salesop.bluebottle in the "Do not use proxy server for addresses beginning with ...", then the site loads up a LOT faster.

I think the "Bypass proxy server for local addresses" doesn't do anything.

Also, the only way the web server scripts get the clients IP address is to have the site name in the list of exceptions ("Do not use proxy server for addresses beginning with ...").

So - the questions.

1 - What changes would you recommend?
2 - How would these changes be implemented globally? I do NOT want to have to visit every pc or have to set settings on new pcs as they arrive, and I want to stop the users from altering these settings once made.
3 - Am I missing out on something?
4 - Will these settings affect users who plug their notebooks into their home broadband (or even dialup) connection?

I am NOT a sysop, but everyone here thinks I'm the person who should fix this. Gee! Thanks!

This is a small issue with me putting a lot of words into it. Please be nice.

Thanks in advance,

Richard Quadling.
Question by:RQuadling
    LVL 18

    Expert Comment

    If you just want to set the following: "Do not use proxy server for addresses beginning with ...").

    Then use group policy to do this for your entire domain all at one time which will also lock users out of changing it while on the domain.

    Are you at all familar with group policy?

    The setting(s) you want are under:

    user config- windows settings- IE Maintainence- connection- proxy settings
    LVL 40

    Author Comment

    That's what I thought.

    I opened Active Directory Users and Computers.
    Right clicked my domain and chose properties.
    Chose the Group Policy tab.
    Chose Default Domain Policy.
    Chose Edit.
    User Config -> Windows Settings -> IE Maintenance -> Connection -> Proxy Settings.
    Exceptions -> Do not use proxy server for addresses that start = 10.0.0.*;*.bluebottle
    Do not use proxy server for local (intranet) addresses = ticked.

    The exceptions value is the same as my machine (which I did manually). Leave it in, it works, take it out HUGE delay and no IP tracking.

    Got some users to reboot. Their IE has not changed.

    LVL 40

    Author Comment


    Found that the users I got to reboot belong to a group. The group policy for that group was set to block inheritence and no override.

    Gee. Who ever set this up made it REALLY hard.

    Is there a way to view all the policies in place? This is what the root of the problem is for me here I think. (I only started in August and as a programmer, not the sysop - who went to Australia in November and decided not to come back! Oh how I would like to thank him!).

    LVL 18

    Accepted Solution

    "Is there a way to view all the policies in place?"

    Yes there is. Download (if you don't already have it) the GPMC (group policy management console)...this thing will make your life much easier when it comes to managing group policy :)

    Also, on a client, you can run gpresult.exe to see what policies are applied and what ones have been filtered out. The RSOP tool is similar, but gives a bit more info as well:;en-us;323276
    LVL 38

    Assisted Solution

    by:Rich Rumble
    You can use scripts to do this also, you can have them check to see if these settings are set to the value you want, and if not then set them again
    If you know the registry key this set's you can use a script to set that easily

    Also some great example scripts here:
    LVL 40

    Author Comment

    Oh! That RSoP program is EXCELLENT!!!!


    This is great news.

    I've got enough here now to tell the IT manager what we need to do.

    THank you!!!!!!


    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now