active directory 2003 organizational units

Posted on 2011-03-15
Last Modified: 2012-05-11
i have an active directory domain - with windows 2003 servers. i have a few organizational units with different group policies. now i need to have everyone go through my squid proxy server. i want the laptop users to use the proxy in the domain, but not when they are traveling. is there a way to do this?
Question by:JeffBeall
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 31

Expert Comment

by:Justin Owens
ID: 35139119
Not really.  You can set a top level GPO to set your proxy server for all your OUs easily enough.  What you CAN do is have your laptops in a different OU and not enforce it there, that way they can change the setting manually.  When the come back to the office, it will revert (GPO Allies again), but when they leave, they can change it to none.  That is how we accomplish it at my current location.


Author Comment

ID: 35139194
i'm not concerned with getting the policy out to everyone - i'm more concerned with laptop users not going through the proxy outside the domain.

Author Comment

ID: 35139222
i just had a thought - i could have an OU for laptops that doesn't have the proxy policy - then through their login script - make it so they use the proxy.
only problem is i don't know how to script. the current login "script" is a simple batch file that sets up the network shares.
would this be possible?
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

LVL 31

Accepted Solution

Justin Owens earned 250 total points
ID: 35139349
Yes, but to make it transparent to the end user, you would also need a log off script to turn the proxy back off.  Batch itself cannot do it, but it can import registry settings which can:

This Question details how to accomplish through Batch registry manipulation.

Assisted Solution

xylog earned 250 total points
ID: 35143812
You can set your browsers to autodetect and use WPAD -> Either using a DNS entry called wpad or a DHCP option. When off the network they will not resolve the DNS entry or have the DHCP setting so they will autodetect the lack of a proxy and directly access the net. WPAD is supported in Firefox also.

Author Closing Comment

ID: 35180617
thank you

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question