Take it as read for the time being that I need a PAC file and do not want to allow it to be bypassed, either by the user turning off automatic configuration, or by being able to edit or delete the PAC file. Not a problem for internal users, where I have used Group Policy to set up the PAC file in the Connections > LAN section of IE, and also to disable the user's access to those options. The PAC file is, in this case, located in a share on a server.
For those dratted roaming users, I could copy / create a PAC file on their hard drives and apply a different GP for the different location, but then I've got to have administrative access to each laptop to place the file in a secure location. I'd also have an admin nightmare if & when the PAC file needs to change. I was wondering whether IE would find a server-based PAC file while not on the network if it was administratively made available offline through GP. I understand this just pre-sets and uses part of Offline Files & Folders, but is it transparent enough for IE to be fooled it can see the server-based PAC file?