Solved

How can I automatically handle different proxy settings for travelling users

Posted on 2008-10-20
4
918 Views
Last Modified: 2012-06-21
I have several sites with different proxy server solutions, and some sites is using proxy. Some sites have their own proxy servers, other have governmental proxy servers.

Example of proxy settings below.
HTTP: Proxy1.emirates.net.ae 8080
Auto-config URL (.INS file) http://10.110.125.12/proxy.pac

Proxy settings is today deployed with policies in a geographical divided OU tree.

We are running Active Directory on Windows 2003 (root and sub common domain), DHCP on Windows server 2003, Clients are Windows 2003. We are using Checkpoint Firewall and secure Client VPN client, possibly upgrading it to Enpoint Security.

My challenge is that there is a lot of travelling users. When visiting a site there is currently only two options to deploy proxy settings.
1. Change the proxy settings on the client manually.
2. System administrator moves their account to the corresponding OU.
None of the above options is optimal. An option is of course to use site policies instead, but we have not done this, because when a user is leaving a site he might connect at another site (eg. airport, home office). When not getting an updated AD policy applied, the proxy settings remain set from the last time receiving an AD policy.

I am aware of the DHCP option 252, but have understood it cannot deploy direct proxy settings, like "HTTP: Proxy1.emirates.net.ae 8080", only Config URL's.

My question is how I can automatically deploy proxy settings for users wherever they are or at least on sites under my control, and with a clean proxy setting on sites not under my control.

PS! A possible way could be to create a config URL for eg. " HTTP: Proxy1.emirates.net.ae 8080", but don't know how and how to deploy it.

I am not familiar with proxy servers at all, so please bare over with me.

Questions to improve my questions is highly appreciated. Thanks in advance.
0
Comment
Question by:AlexWilhelmsen
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
cahancock earned 500 total points
ID: 22906375
Create a fle names proxy.pac and put it in \\domain.name
Then create a logon script that runs at login to copy this file to the local harddrive (ex. c:\windows\proxy.pac)
then use group policy to force the browser to use automatic configuration script witht he following value without quotes "file://c:/windows/proxy.pac"

the script can be used to use different proxies or none at all depending on several factors including the pc's local ip address. So if the pc is on your network it would use your proxy and in not it would use no proxy. below is a sample of a proxy.pac file.


//modified 07/31/08 11:32 ch 
 

function FindProxyForURL(url, host)

{
 
 

var myip=myIpAddress();
 
 
 

//exceptions to proxy, traffic to local hosts is direct,

//also sites that have trouble with squid is direct

if (shExpMatch(url, "*mydomain.com*") ||

   shExpMatch(url, "*myotherdomain.com*")  ||

   isInNet(host, "172.19.0.0", "255.255.0.0") ||

   isInNet(host, "10.0.0.0", "255.0.0.0") ||

   isInNet(host, "127.0.0.1", "255.255.255.255"))

   		{

		//alert("direct") 

		return "DIRECT";

		}
 

else if (myip.substring(0,3)!=="10." && myip.substring(0,7)!=="172.19.")

		{

		//alert("direct")

		return "DIRECT";

		}
 

//use proxy unless unreachable, go direct if proxy is unreachable
 

else

{

//alert("proxy")

//return "DIRECT";

return "PROXY squid:3128; PROXY squidbak:3128; DIRECT";
 

}
 

}

Open in new window

0
 

Author Comment

by:AlexWilhelmsen
ID: 22920113
Your solution is quite good, but it will require the logon script for distributing the proxy.pac file. For visitiors I still would have to do it manually. My main question was for a fully autmated solution. Your script is quite neat so I will split some points for you.

The solution was quite easy when I understood that a proxy.pac and a wpad.dat file is the same, The wpad.dat name is just to make the 252 option in DHCP work. I found the complete solution at this url.

http://findproxyforurl.com/wpad_tutorial.html
0
 

Expert Comment

by:statpro
ID: 34751060
Create a Group policy to change your Proxy settings to whatever is required. Apply this at site level in Gorup Policy Management. Use different GPOs for each site.
0
 

Author Comment

by:AlexWilhelmsen
ID: 34751306
Good solution but for travelling users this will be a problem, since the last policy/proxy settings will be fixed until next time you get a policy. So if you do a stop at eg. a hotel or an airport they settings will still be there, and stopping you form browsing the web.

I know preferences in Windows 2008 R2 can fix this. but the question is very old, and related to Windows 2003 and XP.
0

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now