GPO which enables proxy settings on LAN and disables outside of corporate network

Hi all-

I currently have a barracuda web filter which I have configured as a proxy for my remote sites. When laptop users at remote sites are on the LAN proxy settings are applied through a gpo. When laptop users take their laptops home and connect to their home wireless network, the proxy settings still apply and they are not savy enough to figure out how to bypass this setting.

Is there any way to just have the proxy settings apply via gpo when they are on the LAN and to be disabled when the laptop users are remote. I know the easy solution is to tell them to uncheck the proxy settings in IE, but that will show them how to bypass the proxy when on the LAN. Could the proxy settings be applied through DHCP instead possibly? TIA
beargonefishingDirector of Network InfrastructureAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

These problems are common with proxy based setups for internet access. Try using an automatic proxy configuration script [.js / .jvs / .pac file]. Thus whenever the user is in LAN, the script will be enabled. Else if not reachable, the default proxy gets bypassed automatically.
The proxy automatic settings can be configured in GPO

beargonefishingDirector of Network InfrastructureAuthor Commented:
Previously when we had ISA in our setup, we had an autoconfig script for that. But that script kind of created itself. Not familiar with creating one of these files.

Would you recommend applying the proxy settings this way rather than through the proxy settings tab in the gpo. Could you please elaborate
beargonefishingDirector of Network InfrastructureAuthor Commented:
Would something like this work for a PAC fiile.

function FindProxyForURL(url, host) { return "PROXY IPaddress:8080; DIRECT"; }

-where IP address is the ip address of my hardware appliance
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Sorry for the delay, yes thats the function which helps.
The process works this way.
1. You just have to configure the PAC file path in the GP. The proxy settings need not be specified.
2. Whenever the user accesses the browser, it checks whether the PAC file is available. If in LAN, the file will be available & browser will work from your proxy. If outside the network, the file wont be available & browser will function as without any Proxy settings.
3. Listed below is a sample script.
function FindProxyForURL(url, host)
var proxy_yes="PROXY IPAdress:8080";
var proxy_no="DIRECT";
//If you want certain local URL's to be bypassed from Proxy
if(shExpMatch(url,"**")) {return proxy_no}
//Proxy anything else
return proxy_yes;
beargonefishingDirector of Network InfrastructureAuthor Commented:
Is there any kind of delay with opening the browser initially with a .pac file. Do you have this same setup in your environment.
yes & no. the pac file would be hardly in kb's. so the transfer delay would not be there.
yes we r using it in our env..
beargonefishingDirector of Network InfrastructureAuthor Commented:
And do have have an ISA server or just a hardware appliance that use as a proxy.
its a linux box with squid running as proxy
beargonefishingDirector of Network InfrastructureAuthor Commented:
I am going to test it tonight from home and i will let you know how it goes.
best of luck! :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
beargonefishingDirector of Network InfrastructureAuthor Commented:
very thorough answer and timely response. Thanks!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.