Forcing proxy settings for non-network users

What is the best way to enforce a proxy setting for non-network users? For network users we mange this using Group Policy. However, when a visitor brings in a laptop and plugs into our network for Internet access they are bypassing our proxy server and able to go anywhere and download anything. The logical solution would be to deploy this setting using DCHPINFORM but I was unable to get this to work.
We're running Windows 2003 Server, XP Pro Clients, IE 6,IE7 and Firefox.
Thanks in advance!
deflintAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
What proxy is it?
0
deflintAuthor Commented:
Our proxy Server happens to be WebMarshal. I'm just trying to push out its' IP address via DHCP. Or any other way if there's a better solution.
0
Keith AlabasterEnterprise ArchitectCommented:
Have you reviewed the wpad processes?
Although this link is for ISA systems, the process should be very similar
http://www.microsoft.com/technet/isa/2004/plan/automaticdiscovery.mspx

0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

deflintAuthor Commented:
WPAD doesn't require ISA?
0
Keith AlabasterEnterprise ArchitectCommented:
No - but here is an interesting article that might be of use whilst I see what I can find for you....
http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_22387799.html
0
Phil_AgcaoiliCommented:
Your first issue is that you allow egress access to everyone.
It so happens that you use GPOs to drive your users towards proxy use.
You need to block Internet access to ALL systems except your proxies.
This will force visitors and others not following the corporate policy to use the proxy.

Also, I've found the most transparent approach to ensure visitors abide by basic security requirements is to drive them towards a Cisco NAC Appliance (formerly Cisco Clean Access) which is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with your network's security policies and repairs any vulnerabilities before permitting access to the network.

Cisco NAC Appliance also supports posture assessment for guest users.

Here's more info: http://en.wikipedia.org/wiki/Cisco_NAC_Appliance

Another approach for guest users is to drive them to use your wireless network and grant them guest access which is limited (by service) egress Internet access only for a short period of time. This way, you can enforce any content filtering needs and only allow specific access to resources.

Hope this helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Phil_AgcaoiliCommented:
I forgot the mention that you current setup is anarchy right? Anyone can just plug in an get access to servers, printers, and the Net?

If so, my solutions above really lock down what guests have access to.
0
deflintAuthor Commented:
Thank for your quick response!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.