Solved

Group Policy for Laptops

Posted on 2007-12-04
7
2,001 Views
Last Modified: 2013-12-08
Hi!

I have created a group policy that would set connection to proxy in Internet Explorer and remove Connections tab from Tools->Options. This group policy is applied to User Accounts. I was expecting that once the user is connected to domain his pc will take settings of the group policy and whenhe is out of office, he will use his standard settings, i.e. no proxy information. However, it doesn't work this way. Once computer takes the group policy even out of the office this settings are not nulled. How can I resolve this issue? Thank you very much!
0
Comment
Question by:Zaurb
7 Comments
 
LVL 3

Expert Comment

by:Aico
ID: 20401681
You could try setting the Local Security Policy setting. Maybe when the machine doesn't detect the domain it reverts back to the Local Security Policy, but I'm not sure about that.
0
 
LVL 16

Expert Comment

by:btassure
ID: 20402105
I would create a batch file that runs a registry entry that removes the proxy when the user is offsite. Group policy will take priority in the office and override any other settings. :o)

Create the following batch file:
@echo off
regedit /s c:\proxy.reg
exit

Or if you want to be clever and do this automatically then put a read only text file in a shared drive on the server and put some random text in it. Call it for example h:\proxycheck.txt
and make your batch file read:
@echo off
if exist h:\proxycheck.txt goto office else goto away
:away
regedit /s c:\proxy.reg
exit
:office
echo proxy ok
exit

Then, on a normal machine (without the group policy in effect) run regedit and go to the following key:
HKCU/software/microsoft/windows/current version/internet settings
highlight that hive and export it (only the selected branch) to c:\proxy.reg
Close regedit and open that file in notepad.
Leave the first two lines:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
and delete everything else except:
"ProxyEnable"=dword:00000000
Make sure it says 00000000

That turns off the proxy. Save the file and exit. Copy that file to the c: drive of the laptop in question.
Copy the batch file above to the c: drive and create a scheduled task to run the batch file every 5 minutes.

If you dont want it automated then put a shortcut to the batch file on the desktop and tell the user to run it when they log on out of the office.
0
 
LVL 1

Author Comment

by:Zaurb
ID: 20402395
Thank you!

Please, explain if there's a way to make the specific group policy be in effect only when user logs on to a domain? When I've disconected my laptop and ran gpupdate /force I thought the policy will be reset to a local policy settings. It didn't work though. I'm a bit confused because I was thinking that domain policies are in effect only when user logs into domain

0
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20402504
Group Policy basically sets registry keys to policy values. When users log on off the domain - but with a domain account the policy will still be applied.

Also Group Policy overides Local Policy so the Aico's soluton will not resolve the problem. You may find that the solution to you problem is to have different logins  though this may be messy. Alternatively have the proxy setting set by DHCP and stop all other web traffic going out directly over the default gateway.

take a look at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/2000/Q_21124850.html

There isn't a way to have policy applied based on where you log in from. I've seen quite a few solutions where the proxyenable option is turned off though this requires either a scheduled task or manual intervention.

I've found that if you secure your network so that users have to use the proxy then there's no danger in setting the proxy through DHCP.
0
 
LVL 11

Expert Comment

by:TWBit
ID: 20402572
Have you tried using the Automatically Detect Settings in IE? I was had the same scenario as you until I switched and now when in the office it will detect my proxy server, and out of the office it won't detect it and use a direct connection.
0
 
LVL 16

Accepted Solution

by:
btassure earned 250 total points
ID: 20402673
If the laptops are going to be on a different subnet than the one in the office then you can quite easily code your requirements into a proxy.pac file. You can deploy the proxy.pac through group policy as well. In the GPO you would enable automatic detection of settings and enable automatic configuration, in the second type box you need to enter the URL at which you are hosting the proxy.pac (just stick it on your website - the clients can all get it then).
Create the proxy.pac in notepad as follows:
    function FindProxyForURL(url, host)
    {
    if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
    return "PROXY 192.168.1.1:8080";
    else
    return "DIRECT";
    }

Assuming that you are using 192.168.1.0/24 in the office and the proxy server is on .1:8080
Save it and if you want to test that file you can manually set it in IE's proxy settings (copy it to your c drive or something).

Note this will only work if the users are not on the same IP range at home as they are in the office otherwise the proxy.pac will be making them try to use a proxy server that is not there!
0
 
LVL 1

Author Closing Comment

by:Zaurb
ID: 31412544
Thank you very much!
0

Join & Write a Comment

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now