Solved

Internet Proxy setting in Group Policy

Posted on 2007-03-17
4
5,392 Views
Last Modified: 2012-05-05
Group Policy question for you....

I am restricting access to the Proxy Server settings in the Lan Settings area of the Internet Options>Connections tab for users(W2k and XP) of my domain(Windows 2003 Native).  This is to prevent users from circumventing the proxy and getting out to the Internet without going through the proxy and web filtering software.  This GP has one unfortunate side effect.. It also means users on laptops that connect to the domain, and then go mobile, are caching this policy and are having problems connecting to the Internet while traveling.  I have a VBS script that can be run by the users to disable the proxy settings if necessary, but I was wondering if there was a group policy setting that could disable the proxy setting upon becoming untethered from our network and re-enable the proxy setting when they connect back on again.

Thanks for the help!

Mike W.
0
Comment
Question by:mwaters31
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 250 total points
ID: 18742949
Couple of Possibilities:

1) Set proxy via dhcp/dns. Some proxy servers support this. e.g. ISA

http://support.microsoft.com/default.aspx?scid=kb;en-us;309814&sd=tech

2)Set local policy on the laptops individually to auto discover proxy. This setting is overwritten when on the domain network, but when they are outside and cannot load group policy, local policy takes effect.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18744820
group policy caches so the second option will not work to the best of my knowledge
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 18744910
After reading some more I have to agree the second option is not going to work.

It would seem GP processing stops if a DC cannot be contacted - and the previous settings are maintained.

A alternative would be a logon/logoff script that enables and disables proxying.
A commercial alternative desktop authority (www.scriptlogic.com) can be very granular - validating against security groups, or OU etc etc.
0
 

Author Comment

by:mwaters31
ID: 18757065
I think this will work for me.  I am using an ISA2004 firewall and the Lan clients were getting their proxy settings through a GP only.  I can now get rid of the GP for this and just use the DHCP/DNS proxy configuration.  That way when a user goes mobile, the remote DHCP/DNS system will not point them at our firewall for proxy services.

Thanks!

Mike
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question