Solved

Group Policy for Laptops

Posted on 2007-12-04
Last Modified: 2013-12-08
Hi!

I have created a group policy that would set the connection to a proxy in Internet Explorer and remove the Connections tab from Tools->Options. This group policy is applied to User Accounts. I was expecting that once the user is connected to the domain his PC will take the settings of the group policy, and when he is out of the office he will use his standard settings, i.e. no proxy information. However, it doesn't work this way. Once the computer takes the group policy, these settings are not nulled even out of the office. How can I resolve this issue? Thank you very much!
Question by:Zaurb
7 Comments
 
LVL 3

Expert Comment

by:Aico
ID: 20401681
You could try setting the Local Security Policy setting. Maybe when the machine doesn't detect the domain it reverts back to the Local Security Policy, but I'm not sure about that.
0
 
LVL 16

Expert Comment

by:btassure
ID: 20402105
I would create a batch file that runs a registry entry that removes the proxy when the user is offsite. Group policy will take priority in the office and override any other settings. :o)

Create the following batch file:
    @echo off
    rem Silently import the .reg file that turns the proxy off
    regedit /s c:\proxy.reg
    exit

Or if you want to be clever and do this automatically then put a read-only text file in a shared drive on the server and put some random text in it. Call it, for example, h:\proxycheck.txt
and make your batch file read:
    @echo off
    rem The marker file is only reachable while on the office network
    if exist h:\proxycheck.txt goto office
    rem Marker file not found: away from the office, so turn the proxy off
    :away
    regedit /s c:\proxy.reg
    exit
    :office
    echo proxy ok
    exit

Then, on a normal machine (without the group policy in effect) run regedit and go to the following key:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Highlight that hive and export it (only the selected branch) to c:\proxy.reg
Close regedit and open that file in notepad.
Leave the first two lines:
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
and delete everything else except:
    "ProxyEnable"=dword:00000000
Make sure it says 00000000

That turns off the proxy. Save the file and exit. Copy that file to the c: drive of the laptop in question.
Copy the batch file above to the c: drive and create a scheduled task to run the batch file every 5 minutes.

If you don't want it automated then put a shortcut to the batch file on the desktop and tell the user to run it when they log on out of the office.
0
 
LVL 1

Author Comment

by:Zaurb
ID: 20402395
Thank you!

Please explain if there's a way to make the specific group policy be in effect only when the user logs on to a domain. When I disconnected my laptop and ran gpupdate /force I thought the policy would be reset to the local policy settings. It didn't work though. I'm a bit confused because I was thinking that domain policies are in effect only when the user logs into the domain.

0

 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20402504
Group Policy basically sets registry keys to policy values. When users log on off the domain - but with a domain account the policy will still be applied.

Also Group Policy overrides Local Policy so Aico's solution will not resolve the problem. You may find that the solution to your problem is to have different logins, though this may be messy. Alternatively have the proxy setting set by DHCP and stop all other web traffic going out directly over the default gateway.

Take a look at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/2000/Q_21124850.html

There isn't a way to have policy applied based on where you log in from. I've seen quite a few solutions where the proxyenable option is turned off though this requires either a scheduled task or manual intervention.

I've found that if you secure your network so that users have to use the proxy then there's no danger in setting the proxy through DHCP.
0
 
LVL 11

Expert Comment

by:TWBit
ID: 20402572
Have you tried using the Automatically Detect Settings in IE? I had the same scenario as you until I switched, and now when in the office it will detect my proxy server, and out of the office it won't detect it and will use a direct connection.
0
 
LVL 16

Accepted Solution

by:
btassure earned 250 total points
ID: 20402673
If the laptops are going to be on a different subnet than the one in the office then you can quite easily code your requirements into a proxy.pac file. You can deploy the proxy.pac through group policy as well. In the GPO you would enable automatic detection of settings and enable automatic configuration, in the second type box you need to enter the URL at which you are hosting the proxy.pac (just stick it on your website - the clients can all get it then).
Create the proxy.pac in notepad as follows:
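    function FindProxyForURL(url, host)
    {
        // Client address is on the office subnet: send traffic through the proxy
        if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
            return "PROXY 192.168.1.1:8080";
        // Anywhere else: connect directly
        else
            return "DIRECT";
    }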

Assuming that you are using 192.168.1.0/24 in the office and the proxy server is on .1:8080
Save it and if you want to test that file you can manually set it in IE's proxy settings (copy it to your c drive or something).

Note this will only work if the users are not on the same IP range at home as they are in the office otherwise the proxy.pac will be making them try to use a proxy server that is not there!
0
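
The proxy.pac from the accepted answer can be checked offline before it is rolled out through the GPO. The following is an added example, not part of the original post: it re-implements the PAC built-ins isInNet() and myIpAddress() so the same logic runs under Node.js, and evaluates it for constructed client addresses, including the overlapping home range the answer warns about. The helper names ipv4ToInt, makePac and evaluate are assumptions made for this harness.

```javascript
// Added example: offline harness for the proxy.pac shown in the answer.
// Browsers supply isInNet() and myIpAddress(); they are re-implemented here
// so the decision logic can be evaluated under Node.js.

// Convert dotted-quad IPv4 text to an unsigned 32-bit integer, or null if invalid.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n >>> 0;
}

// Same contract as the PAC built-in: true when host lies inside pattern/mask.
function isInNet(host, pattern, mask) {
  const h = ipv4ToInt(host), p = ipv4ToInt(pattern), m = ipv4ToInt(mask);
  if (h === null || p === null || m === null) return false;
  return ((h & m) >>> 0) === ((p & m) >>> 0);
}

// Build the answer's FindProxyForURL with a stubbed client address.
function makePac(clientIp) {
  const myIpAddress = () => clientIp;
  return function FindProxyForURL(url, host) {
    if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
      return "PROXY 192.168.1.1:8080";
    return "DIRECT";
  };
}

// Evaluate the PAC for one client address against a constructed URL.
function evaluate(clientIp) {
  return makePac(clientIp)("http://example.com/", "example.com");
}

// Constructed client addresses: office laptop, home on a different range,
// home router that also hands out 192.168.1.x, and the loopback address.
const cases = ["192.168.1.57", "10.0.0.5", "192.168.1.20", "127.0.0.1"];
for (const ip of cases) console.log(ip.padEnd(14), "->", evaluate(ip));
```

The third case returns the office proxy even though the laptop is at home, which is the failure mode described in the note above: the client then tries to reach a proxy that is not there.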
 
LVL 1

Author Closing Comment

by:Zaurb
ID: 31412544
Thank you very much!
0

Question has a verified solution.