Here is my network layout, in brief:
DC 192.168.2.3, DNS, DHCP, WINS
Firewall 192.168.2.8 (Kerio WinRoute)
No DC present (yet)
Subnets connected via Cisco 2500 routers. All traffic flows just fine.
Since we added the Kerio WinRoute Firewall (great product), we have had to make some modifications to browser settings. One of the main ones was to remove the proxy settings (we used to point to an old MS Proxy 2.0 server). This was easily done via group policy. The problem is that the 1.x subnet can no longer get out to the internet. If we reset the proxy settings to point to the firewall then all is well again. Rather than hitting every desktop in the enterprise, I thought we could do this through group policy.
It ain't happenin'.
I have created two OUs...one for the 2.x subnet and one for the 1.x subnet. I have created two new group policies and linked them to these OUs. Computer objects only inhabit these OUs. The 1.x policy sets the proxy settings properly and also has proxy setting per machine enabled. Still no dice.
How do I get this to work?