?
Solved

Internet Proxy setting in Group Policy

Posted on 2007-03-17
4
Medium Priority
?
5,404 Views
Last Modified: 2012-05-05
Group Policy question for you....

I am restricting access to the Proxy Server settings in the Lan Settings area of the Internet Options>Connections tab for users(W2k and XP) of my domain(Windows 2003 Native).  This is to prevent users from circumventing the proxy and getting out to the Internet without going through the proxy and web filtering software.  This GP has one unfortunate side effect.. It also means users on laptops that connect to the domain, and then go mobile, are caching this policy and are having problems connecting to the Internet while traveling.  I have a VBS script that can be run by the users to disable the proxy settings if necessary, but I was wondering if there was a group policy setting that could disable the proxy setting upon becoming untethered from our network and re-enable the proxy setting when they connect back on again.

Thanks for the help!

Mike W.
0
Comment
Question by:mwaters31
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 750 total points
ID: 18742949
Couple of Possibilities:

1) Set proxy via dhcp/dns. Some proxy servers support this. e.g. ISA

http://support.microsoft.com/default.aspx?scid=kb;en-us;309814&sd=tech

2)Set local policy on the laptops individually to auto discover proxy. This setting is overwritten when on the domain network, but when they are outside and cannot load group policy, local policy takes effect.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18744820
group policy caches so the second option will not work to the best of my knowledge
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 18744910
After reading some more I have to agree the second option is not going to work.

It would seem GP processing stops if a DC cannot be contacted - and the previous settings are maintained.

A alternative would be a logon/logoff script that enables and disables proxying.
A commercial alternative desktop authority (www.scriptlogic.com) can be very granular - validating against security groups, or OU etc etc.
0
 

Author Comment

by:mwaters31
ID: 18757065
I think this will work for me.  I am using an ISA2004 firewall and the Lan clients were getting their proxy settings through a GP only.  I can now get rid of the GP for this and just use the DHCP/DNS proxy configuration.  That way when a user goes mobile, the remote DHCP/DNS system will not point them at our firewall for proxy services.

Thanks!

Mike
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question