Solved

Group Policy Won't Update "Use Automatic Configuration Script"

Posted on 2011-02-22
8
8,426 Views
Last Modified: 2012-05-11
We are about roll out Scansafe and point all users to the pac file that will point them to the proxy.  Our Scansafe rep told us that we could use Group Policy to do this by going to:

User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Automatic Browser Configuration

and doing the following:
 - checking "Enable Automatic Configuration"
 - entering the path to the pac file ("http://[server name]/[pac file]") in the field for "Automatic proxy URL".  (when we put this path in directly into Internet Options > Connections, it works fine)

However, once I force a gpupdate, and verify that my user is getting the group policy (through gpresult /r), it still does not show up in Internet Options, and if I check the registry, it's not there either.  I've tried enabling "Disable caching of Auto-Proxy scripts" as well on the gpo, but that doesn't help.  

I've tried the following custom adm, but that doesn't do anything either.
 
CLASS User
CATEGORY "Internet Explorer"
POLICY "Proxy Server Connection"
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PART "Use automatic configuration script"
EDITTEXT
VALUENAME "AutoConfigURL"
END PART
END POLICY
END CATEGORY

Open in new window



When I look at rsop.msc and go to the Automatic Browser Configuration, it shows the correct settings as I had set them in the gpo.  On the next tab -- Auto-Cfg Detect Precedence, the gpo that this setting is in is listed first, with all gpo's showing the setting as disabled.  On the next tab -- Auto-Cfg Enable Precedence, the gpo the setting is in as at the top showing enabled, and the other gpo's show disabled.  (not sure if this matters but figured I should include it)

Anybody have any ideas why this gpo isn't updating Internet Options?  We've never had issues with GP before, and have successfully enabled standard proxies in the past, but never have worked with automatic configuration scripts before.  
0
Comment
Question by:cmg-support
  • 4
  • 3
8 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34959803
Have you ticked enable automatically detect settings and enable automatic configuration

I know the former should not be needed but for a recent deployment of a Websense Pac file config I found that I had an old corrupt legacy policy applying this setting, and for some reason it was messing with my policy, what i had to do was tick that box on the new policy AND ensure the old policy was no longer applying (removing the setting was not enough)

You can use RSOP to see if the policy setting is being overwritten by another policy.


0
 

Author Comment

by:cmg-support
ID: 34962086
Thanks MojoTech, but that doesn't seem to have helped.  Although it shows that that policy's settings are highest priority on the second two tabs of the Automatic Browser Configuration in rsop.msc, it does show the Default Domain Policy underneath, showing disabled.  I'm wondering if because at one point, the Default Domain Policy had Automatically Detect Settings enabled, and then it was disabled later (unchecked), if that's trumping my new group policy object.  If that's the case, I don't know how to override it.
0
 
LVL 24

Accepted Solution

by:
Mike Thomas earned 500 total points
ID: 34962124
That is pretty much what happened to me except it wasn't the default domain policy si i could easily deal with it, as a test try to put all the settings into the default domain policy. If it works think about recreating the default domain policy from scracth without these settings.

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:cmg-support
ID: 34962716
Is there anyway around this?  My boss doesn't want anyone to touch the default domain policy.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34964004
Not that I figured out unfortunately.
0
 

Author Comment

by:cmg-support
ID: 34999968
Update - I tested this over the weekend while no one could be affected.  I put the settings in the default domain policy, and it worked -- pushed them down to my computer.  So that was the issue.  Would be nice not to have to use that policy for these settings, but it looks like we will have to.  Thanks for the help!
0
 

Author Comment

by:cmg-support
ID: 35039590
Just an update to this -- after much googling, I found a reference to an option "Reset Browser Settings" within GP.  If you go into Internet Explorer Maintenance on the gpo, and right click on it, there is an option "Reset Browser Settings".  Doing so erases all settings from the gpo within that category.  I made a copy of our default domain policy and then tested it out on there, and it did just that -- so that it doesn't show the Automatically Detect Settings at all.  Although I haven't done this on the real default domain policy, I'm assuming once I do that, the other gpo that I set up for the pac file won't be overwritten by the default policy anymore.
0
 

Expert Comment

by:dsuski
ID: 37292584
cmg-support  I just tested your theory and it worked.  We were having the same issue.  There was a previous config in the domain policy that was overwriting our "User" Internet Explorer Maint setting in another policy.  The domain policy was blank thus making the users settings blank.  Thanks for the tip!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question