Solved

Internet Proxy setting in Group Policy

Posted on 2007-03-17
4
5,386 Views
Last Modified: 2012-05-05
Group Policy question for you....

I am restricting access to the Proxy Server settings in the Lan Settings area of the Internet Options>Connections tab for users(W2k and XP) of my domain(Windows 2003 Native).  This is to prevent users from circumventing the proxy and getting out to the Internet without going through the proxy and web filtering software.  This GP has one unfortunate side effect.. It also means users on laptops that connect to the domain, and then go mobile, are caching this policy and are having problems connecting to the Internet while traveling.  I have a VBS script that can be run by the users to disable the proxy settings if necessary, but I was wondering if there was a group policy setting that could disable the proxy setting upon becoming untethered from our network and re-enable the proxy setting when they connect back on again.

Thanks for the help!

Mike W.
0
Comment
Question by:mwaters31
  • 2
4 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 250 total points
ID: 18742949
Couple of Possibilities:

1) Set proxy via dhcp/dns. Some proxy servers support this. e.g. ISA

http://support.microsoft.com/default.aspx?scid=kb;en-us;309814&sd=tech

2)Set local policy on the laptops individually to auto discover proxy. This setting is overwritten when on the domain network, but when they are outside and cannot load group policy, local policy takes effect.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18744820
group policy caches so the second option will not work to the best of my knowledge
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 18744910
After reading some more I have to agree the second option is not going to work.

It would seem GP processing stops if a DC cannot be contacted - and the previous settings are maintained.

A alternative would be a logon/logoff script that enables and disables proxying.
A commercial alternative desktop authority (www.scriptlogic.com) can be very granular - validating against security groups, or OU etc etc.
0
 

Author Comment

by:mwaters31
ID: 18757065
I think this will work for me.  I am using an ISA2004 firewall and the Lan clients were getting their proxy settings through a GP only.  I can now get rid of the GP for this and just use the DHCP/DNS proxy configuration.  That way when a user goes mobile, the remote DHCP/DNS system will not point them at our firewall for proxy services.

Thanks!

Mike
0

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now