Group Policy Won't Update "Use Automatic Configuration Script"

We are about roll out Scansafe and point all users to the pac file that will point them to the proxy.  Our Scansafe rep told us that we could use Group Policy to do this by going to:

User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Automatic Browser Configuration

and doing the following:
 - checking "Enable Automatic Configuration"
 - entering the path to the pac file ("http://[server name]/[pac file]") in the field for "Automatic proxy URL".  (when we put this path in directly into Internet Options > Connections, it works fine)

However, once I force a gpupdate, and verify that my user is getting the group policy (through gpresult /r), it still does not show up in Internet Options, and if I check the registry, it's not there either.  I've tried enabling "Disable caching of Auto-Proxy scripts" as well on the gpo, but that doesn't help.  

I've tried the following custom adm, but that doesn't do anything either.
CATEGORY "Internet Explorer"
POLICY "Proxy Server Connection"
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PART "Use automatic configuration script"

Open in new window

When I look at rsop.msc and go to the Automatic Browser Configuration, it shows the correct settings as I had set them in the gpo.  On the next tab -- Auto-Cfg Detect Precedence, the gpo that this setting is in is listed first, with all gpo's showing the setting as disabled.  On the next tab -- Auto-Cfg Enable Precedence, the gpo the setting is in as at the top showing enabled, and the other gpo's show disabled.  (not sure if this matters but figured I should include it)

Anybody have any ideas why this gpo isn't updating Internet Options?  We've never had issues with GP before, and have successfully enabled standard proxies in the past, but never have worked with automatic configuration scripts before.  
Who is Participating?
Mike ThomasConsultantCommented:
That is pretty much what happened to me except it wasn't the default domain policy si i could easily deal with it, as a test try to put all the settings into the default domain policy. If it works think about recreating the default domain policy from scracth without these settings.

Mike ThomasConsultantCommented:
Have you ticked enable automatically detect settings and enable automatic configuration

I know the former should not be needed but for a recent deployment of a Websense Pac file config I found that I had an old corrupt legacy policy applying this setting, and for some reason it was messing with my policy, what i had to do was tick that box on the new policy AND ensure the old policy was no longer applying (removing the setting was not enough)

You can use RSOP to see if the policy setting is being overwritten by another policy.

cmg-supportAuthor Commented:
Thanks MojoTech, but that doesn't seem to have helped.  Although it shows that that policy's settings are highest priority on the second two tabs of the Automatic Browser Configuration in rsop.msc, it does show the Default Domain Policy underneath, showing disabled.  I'm wondering if because at one point, the Default Domain Policy had Automatically Detect Settings enabled, and then it was disabled later (unchecked), if that's trumping my new group policy object.  If that's the case, I don't know how to override it.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

cmg-supportAuthor Commented:
Is there anyway around this?  My boss doesn't want anyone to touch the default domain policy.
Mike ThomasConsultantCommented:
Not that I figured out unfortunately.
cmg-supportAuthor Commented:
Update - I tested this over the weekend while no one could be affected.  I put the settings in the default domain policy, and it worked -- pushed them down to my computer.  So that was the issue.  Would be nice not to have to use that policy for these settings, but it looks like we will have to.  Thanks for the help!
cmg-supportAuthor Commented:
Just an update to this -- after much googling, I found a reference to an option "Reset Browser Settings" within GP.  If you go into Internet Explorer Maintenance on the gpo, and right click on it, there is an option "Reset Browser Settings".  Doing so erases all settings from the gpo within that category.  I made a copy of our default domain policy and then tested it out on there, and it did just that -- so that it doesn't show the Automatically Detect Settings at all.  Although I haven't done this on the real default domain policy, I'm assuming once I do that, the other gpo that I set up for the pac file won't be overwritten by the default policy anymore.
cmg-support  I just tested your theory and it worked.  We were having the same issue.  There was a previous config in the domain policy that was overwriting our "User" Internet Explorer Maint setting in another policy.  The domain policy was blank thus making the users settings blank.  Thanks for the tip!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.