How do I enforce proxy setting to a workstation (or group of workstations) through GPO, regardless of who the users logged into the machine?

How do I enforce proxy setting to a workstation (or group of workstations) through GPO, regardless of who the users logged into the machine? - LQC
ASI2010Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DonNetwork AdministratorCommented:
0
ASI2010Author Commented:
Tried loopback processing but to no avail.  Proxy settings still not being enforced.  Should the loopback processing be applied to both GPO applied in computer OU and user OU?
0
DonNetwork AdministratorCommented:
see if this pertains to you
 
http://support.microsoft.com/kb/825685 
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

angler-sdCommented:
This is easily done thru your router...
0
ASI2010Author Commented:
@dstewartjr - still the same... :(
0
AwinishCommented:
Create a new GPO,link to the OU where workstations are kept,you want to apply policy.

Enable loopback
Computer Config>Admin Templates>System>Group Policy as User Group  Policy loopback processing mode>configure enable & replace.

Proxy setting option is in user configuration.

User configuration/windows setting /internet explorer maintenance/connection/proxy settings

Run gpupdate /force on dc.

Give time to replicate on system,reboot the system as computer config changes require reboot of system.

If policy is not applied,run gpupdate /force on system & see if its applies.




0
AwinishCommented:
You can also configure

Computer Config>Admin Templates>windows component> Internet Explorer>disable changing proxy settings.

As computer config take precedence over user config.
0
ASI2010Author Commented:
Still with no luck.  The settings are being applied except the check box under LAN settings proxy server is not checked...

GPO is applied to the OU where the machine is kept.  Screenshot of the GPO attached.
0
markdmacCommented:
"GPO is applied to the OU where the machine is kept.  Screenshot of the GPO attached."

This is an incorrect application of the GPO.  In order for the GPO to take affect you will need to move it to where the users are located.  The proxy setting is a user setting not a computer setting.

I recommend a modular approach to your GPOs.  Divide up the computer settings and user settings into smaller GPOs.  Apply each to the appropriate OU to affect the users or computers respectively. OR put the GPOs at the top level of your AD to affect anything below them.
0
ASI2010Author Commented:
@markdmac

Yes, that's the intent.  However, because of resource restriction, we can only "enforce" that into few computer machines.  What will be the approach on GPO?  As previously mentioned, we have success with applying this to local GPO but will be a pain to manage....
0
AwinishCommented:
0
markdmacCommented:
I would need to better understand your need. Are you setting up Kiosk type machines?  If so I totally agree with using the loopback.  If however you are looking to restrict a few users that are restricted to specific machines, then I would recommend that you move the user objects into the same OU as the computer objects.
0
ASI2010Author Commented:
@markdmac

Here's the scenario.  We have about 200 machines in one forest structure.  We will be implementing a web-filtering mechanism (ideally to all machines) to a subset of users (staff level).  However, due to limited license we have with our web-filtering system, we can only apply to a subset of machines, regardless of who the users (staff level) logged into it.

Hope this better explain the situation.  

Moving the user to an OU is not an option to the limitation on the licenses on web-filter.

Thanks!
0
markdmacCommented:
OK, then I agree with the recommendation to use the loopback.
0
ASI2010Author Commented:
@markdmac

The problem is for some reason, the loopback processing is not working for us.  The defined IP address for the proxy server is being reflected in the machine's proxy setting but the tick box is not check.
0
markdmacCommented:
Try using the following as a login script instead. Change the IP to that of your proxy.
On Error Resume Next
Set WshShell = CreateObject("WScript.Shell")
Path = "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"
WshShell.RegWrite Path & "ProxyServer", "192.168.0.1" ,"REG_SZ"
WshShell.RegWrite Path & "ProxyEnable", 1 ,"REG_DWORD"
Set WSHShell = Nothing

Open in new window

0
DonNetwork AdministratorCommented:
This explains how to do it "Per machine"


http://searchenterprisedesktop.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid192_gci1277560,00.html


  • Give the policy a name, such as "Configure Proxy Settings" (or any  other friendly name you want).
  • Set security on the policy. Add those users and/or computers  to which this policy should apply.  If you want it to apply to all  computers on the domain and for all users, then add the Domain Computers  and Authenticated Users groups, respectively.
  • Right click the policy name and select Edit.
  • Drill down to Computer Configuration > Administrative  Templates > Windows Components > Internet Explorer.
  • Enable the setting in the right pane for "Make Proxy Settings  Per-Machine" (rather than Per-User).
  • Drill down to User Configuration > Windows Settings >  Internet Explorer Maintenance > Connection.
  • In the right pane, double-click the Connection Settings node.
  • Select the option to "Import the Current Connection Settings  from this machine."
  • Customize the settings if desired.
  • Click OK.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.