Solved

Group Policy Won't Update "Use Automatic Configuration Script"

Posted on 2011-02-22
8
8,472 Views
Last Modified: 2012-05-11
We are about roll out Scansafe and point all users to the pac file that will point them to the proxy.  Our Scansafe rep told us that we could use Group Policy to do this by going to:

User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Automatic Browser Configuration

and doing the following:
 - checking "Enable Automatic Configuration"
 - entering the path to the pac file ("http://[server name]/[pac file]") in the field for "Automatic proxy URL".  (when we put this path in directly into Internet Options > Connections, it works fine)

However, once I force a gpupdate, and verify that my user is getting the group policy (through gpresult /r), it still does not show up in Internet Options, and if I check the registry, it's not there either.  I've tried enabling "Disable caching of Auto-Proxy scripts" as well on the gpo, but that doesn't help.  

I've tried the following custom adm, but that doesn't do anything either.
 
CLASS User
CATEGORY "Internet Explorer"
POLICY "Proxy Server Connection"
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PART "Use automatic configuration script"
EDITTEXT
VALUENAME "AutoConfigURL"
END PART
END POLICY
END CATEGORY

Open in new window



When I look at rsop.msc and go to the Automatic Browser Configuration, it shows the correct settings as I had set them in the gpo.  On the next tab -- Auto-Cfg Detect Precedence, the gpo that this setting is in is listed first, with all gpo's showing the setting as disabled.  On the next tab -- Auto-Cfg Enable Precedence, the gpo the setting is in as at the top showing enabled, and the other gpo's show disabled.  (not sure if this matters but figured I should include it)

Anybody have any ideas why this gpo isn't updating Internet Options?  We've never had issues with GP before, and have successfully enabled standard proxies in the past, but never have worked with automatic configuration scripts before.  
0
Comment
Question by:cmg-support
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34959803
Have you ticked enable automatically detect settings and enable automatic configuration

I know the former should not be needed but for a recent deployment of a Websense Pac file config I found that I had an old corrupt legacy policy applying this setting, and for some reason it was messing with my policy, what i had to do was tick that box on the new policy AND ensure the old policy was no longer applying (removing the setting was not enough)

You can use RSOP to see if the policy setting is being overwritten by another policy.


0
 

Author Comment

by:cmg-support
ID: 34962086
Thanks MojoTech, but that doesn't seem to have helped.  Although it shows that that policy's settings are highest priority on the second two tabs of the Automatic Browser Configuration in rsop.msc, it does show the Default Domain Policy underneath, showing disabled.  I'm wondering if because at one point, the Default Domain Policy had Automatically Detect Settings enabled, and then it was disabled later (unchecked), if that's trumping my new group policy object.  If that's the case, I don't know how to override it.
0
 
LVL 24

Accepted Solution

by:
Mike Thomas earned 500 total points
ID: 34962124
That is pretty much what happened to me except it wasn't the default domain policy si i could easily deal with it, as a test try to put all the settings into the default domain policy. If it works think about recreating the default domain policy from scracth without these settings.

0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Comment

by:cmg-support
ID: 34962716
Is there anyway around this?  My boss doesn't want anyone to touch the default domain policy.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34964004
Not that I figured out unfortunately.
0
 

Author Comment

by:cmg-support
ID: 34999968
Update - I tested this over the weekend while no one could be affected.  I put the settings in the default domain policy, and it worked -- pushed them down to my computer.  So that was the issue.  Would be nice not to have to use that policy for these settings, but it looks like we will have to.  Thanks for the help!
0
 

Author Comment

by:cmg-support
ID: 35039590
Just an update to this -- after much googling, I found a reference to an option "Reset Browser Settings" within GP.  If you go into Internet Explorer Maintenance on the gpo, and right click on it, there is an option "Reset Browser Settings".  Doing so erases all settings from the gpo within that category.  I made a copy of our default domain policy and then tested it out on there, and it did just that -- so that it doesn't show the Automatically Detect Settings at all.  Although I haven't done this on the real default domain policy, I'm assuming once I do that, the other gpo that I set up for the pac file won't be overwritten by the default policy anymore.
0
 

Expert Comment

by:dsuski
ID: 37292584
cmg-support  I just tested your theory and it worked.  We were having the same issue.  There was a previous config in the domain policy that was overwriting our "User" Internet Explorer Maint setting in another policy.  The domain policy was blank thus making the users settings blank.  Thanks for the tip!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question